RFR: 8353113: Peer supported certificate signature algorithms are not being checked with default SunX509 key manager [v4]
Artur Barashev
abarashev at openjdk.org
Fri Jun 6 16:53:51 UTC 2025
On Fri, 6 Jun 2025 13:20:20 GMT, Sean Mullan <mullan at openjdk.org> wrote:
>> Artur Barashev has updated the pull request incrementally with one additional commit since the last revision:
>>
>> Make the test run on TLSv1.3
>
> src/java.base/share/classes/sun/security/ssl/X509KeyManagerConstraints.java line 170:
>
>> 168: }
>> 169:
>> 170: protected boolean isConstraintsDisabled() {
>
> Make this private? Not sure why it would need to be overridden.
If we have a consensus on keeping `jdk.tls.keymanager.disableConstraintsChecking` toggle as is, then I'm going to remove this method and do this check directly in the constructor.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/25016#discussion_r2132534993
More information about the net-dev
mailing list