Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: P3
Fix Version/s: 9
Affects Version/s: 9
Component/s: security-libs
Labels:
- autoverify
- noreg-other

Subcomponent:
java.security
Resolved In Build:
b161
Verification:
Not verified

Backports

Issue	Fix Version	Assignee	Priority	Status	Resolution	Resolved In Build
JDK-8177011	10	Anthony Scarpino	P3	Resolved	Fixed	b03
JDK-8176536	8u152	Anthony Scarpino	P2	Resolved	Fixed	b02

Description

1. Imports the below SHA1 certificate into TEST_JDK/lib/security/cacerts as a trusted JDK CA with alias like "testca [jdk]"
-----BEGIN CERTIFICATE-----
MIICWzCCAcQCCQCtPczRiCRiFjANBgkqhkiG9w0BAQUFADByMQswCQYDVQQGEwJV
TjETMBEGA1UECAwKU29tZSBTdGF0ZTEVMBMGA1UEBwwMVW5rbm93biBDaXR5MREw
DwYDVQQKDAhUZXN0IE9yZzESMBAGA1UECwwJVGVzdCBVbml0MRAwDgYDVQQDDAdU
ZXN0IENBMB4XDTE3MDIyODAyNTIwN1oXDTE3MDMzMDAyNTIwN1owcjELMAkGA1UE
BhMCVU4xEzARBgNVBAgMClNvbWUgU3RhdGUxFTATBgNVBAcMDFVua25vd24gQ2l0
eTERMA8GA1UECgwIVGVzdCBPcmcxEjAQBgNVBAsMCVRlc3QgVW5pdDEQMA4GA1UE
AwwHVGVzdCBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArtAsOS/uNlIP
TGGT3if2yM00BMkjdiMUUpIH4BqzryFz8y5Q4V0x7E5NeLjwMlHcGpvHOyqMadi1
FoWT5nvJzeBvvwQwL4JwN1LLpqZyITmIRh8Ps7mfGbUX87phKig16Qc4o9jlH5y5
+i2lGJWx3ByENo3dFaHcTvXS0vrPZCUCAwEAATANBgkqhkiG9w0BAQUFAAOBgQB3
Ij4727A9yZQKF5S8YRTSiA1+8G7lFm+BQu9uBJw5cm/+TL2UsJPn96Asy8EUfD9k
SI685uGxRg90CAf5DYZ2gZe4LAP79KFmPlJKjbaVl8QuaFUmur9x5cR6aLCRBBLH
5UW4OxLmPBJGk0FwpVf9fXJooh7W4wt4cJW1SlNrZQ==
-----END CERTIFICATE-----

2. The attached JSSECertPathCheck.java is a SSL test which depends on SSLSocketTemplate.
It contains a SHA1 end entity certificate, which is issued by the above SHA1 CA, and uses constraint "SHA1 jdkCA & usage TLSServer" for jdk.certpath.disabledAlgorithms.
The test should fail on C/S communication, but it doesn't.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

client.log
7 kB
2017-03-09 19:35
JSSECertPathCheck.java
5 kB
2017-03-10 15:55
server.log
0.8 kB
2017-03-09 19:35
SSLClient.java
1 kB
2017-03-09 19:34
SSLServer.java
2 kB
2017-03-09 19:34

Issue Links

backported by

JDK-8176536 Improved algorithm constraints checking

Resolved

JDK-8177011 Usage constraints don't take effect when using PKIX

Resolved

relates to

JDK-8160655 Fix denyAfter and usage types for security properties

Closed

Activity

People

Assignee:: Anthony Scarpino

Reporter:: John Jiang

Votes:: 0 Vote for this issue

Watchers:: 7 Start watching this issue

Dates

Created:: 2017-03-07 23:46

Updated:: 2017-03-20 14:30

Resolved:: 2017-03-10 21:09