You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@santuario.apache.org by "Peter Major (Jira)" <ji...@apache.org> on 2019/10/24 21:57:00 UTC
[jira] [Created] (SANTUARIO-512) security-config.xml is out of date
Peter Major created SANTUARIO-512:
-------------------------------------
Summary: security-config.xml is out of date
Key: SANTUARIO-512
URL: https://issues.apache.org/jira/browse/SANTUARIO-512
Project: Santuario
Issue Type: Bug
Components: Java
Affects Versions: Java 2.1.4
Reporter: Peter Major
Assignee: Colm O hEigeartaigh
The security-config.xml shipped inside the library is quite out of date, and there are several cases when it's just completely wrong.
For example the RequiredKey setting is SHA1withDSA instead of DSA for DSA_SHA1 algorithm, MessageDigest algorithms are listed with KeyLength set to their output length, TransformBase64Decode implementation class is set to some stax version, when the Java code brings it in from a different package, and so on.
I'm wondering whether security-config.xml is still helpful in its current form, and whether it would be possible to somehow keep it in sync with the Java based defaults.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)