Key/certificate loading can yield inconsistent algorithm values #2
Assignees
Labels
bug
Something isn't working
Comments
io7m
added a commit
that referenced
this issue
Dec 17, 2023
Release: com.io7m.canonmill 2.0.0 Change: Fix an issue that can cause incompatible algorithm names. (Ticket: #2) Change: (Backwards incompatible) Require JDK 21
io7m
added a commit
that referenced
this issue
Dec 17, 2023
Release: com.io7m.canonmill 2.0.0 Change: Fix an issue that can cause incompatible algorithm names. (Ticket: #2) Change: (Backwards incompatible) Require JDK 21
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Currently,
canonmilluses BouncyCastle to load private keys, but it doesn't specify a provider for parsing certificates. This can yield keys that end up being "inconsistent" with their certificates because the two end up with different algorithm names. This can end up smashing into:https://github.com/openjdk/jdk/blob/master/src/java.base/share/classes/sun/security/ssl/X509Authentication.java#L256
The text was updated successfully, but these errors were encountered: