You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@santuario.apache.org by "Peter Major (Jira)" <ji...@apache.org> on 2019/10/24 21:57:00 UTC

[jira] [Created] (SANTUARIO-512) security-config.xml is out of date

Peter Major created SANTUARIO-512:
-------------------------------------

             Summary: security-config.xml is out of date
                 Key: SANTUARIO-512
                 URL: https://issues.apache.org/jira/browse/SANTUARIO-512
             Project: Santuario
          Issue Type: Bug
          Components: Java
    Affects Versions: Java 2.1.4
            Reporter: Peter Major
            Assignee: Colm O hEigeartaigh


The security-config.xml shipped inside the library is quite out of date, and there are several cases when it's just completely wrong.
For example the RequiredKey setting is SHA1withDSA instead of DSA for DSA_SHA1 algorithm, MessageDigest algorithms are listed with KeyLength set to their output length, TransformBase64Decode implementation class is set to some stax version, when the Java code brings it in from a different package, and so on.

I'm wondering whether security-config.xml is still helpful in its current form, and whether it would be possible to somehow keep it in sync with the Java based defaults.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)