Relax signature algorithm provider restriction for signed JAR verification

    • Type: Enhancement
    • Resolution: Unresolved
    • Priority: P4
    • tbd
    • Affects Version/s: None
    • Component/s: security-libs
    • None

      Currently, verifying a signed JAR only uses a hardcoded list of JDK-internal providers. This makes sure a third-party JCA/JCE JAR file does not use a signature defined inside it to sign itself, and thus avoids an infinite loop. For non-JCA/JCE JAR files, this might not be necessary.

            Assignee:
            Unassigned
            Reporter:
            Weijun Wang
            Votes:
            0
            Watchers:
            1

              Created:
              Updated: