On Thu, 6 May 2021 16:49:33 GMT, Hai-May Chao <hc...@openjdk.org> wrote:
> Please review the change to jarsigner so it uses certpath security property
> in order to properly display the weakness of the certificate algorithms.
test/jdk/sun/security/tools/jarsigner/CheckSignerCertChain.java line 90:
> 88: // key, but not for its SHA1withRSA algorithm.
> 89: .shouldContain("Signature algorithm: SHA1withRSA,
> 1024-bit key (weak)")
> 90: .shouldHaveExitValue(0);
What does the test show before this fix?
I don't see `Security.setProperty` called or a new `java.security` file is
used. If `jdk.jar.dA` and `jdk.certpath.dA` are the same, then there's no way
to find out if the new code works.
-------------
PR: https://git.openjdk.java.net/jdk/pull/3905
