RFR: 8353113: Peer supported certificate signature algorithms are not being checked with default SunX509 key manager [v4]
Artur Barashev
abarashev at openjdk.org
Fri Jun 6 21:21:52 UTC 2025
On Thu, 5 Jun 2025 17:40:28 GMT, Sean Mullan <mullan at openjdk.org> wrote:
>> Artur Barashev has updated the pull request incrementally with one additional commit since the last revision:
>>
>> Make the test run on TLSv1.3
>
> src/java.base/share/classes/sun/security/ssl/SunX509KeyManagerImpl.java line 264:
>
>> 262: * the peer (if any).
>> 263: *
>> 264: * @since 1.5
>
> I would remove the `@since 1.5` from these methods. It isn't relevant anymore since this is an internal class and that version is no longer supported. That version info is in the `X509ExtendedKeyManager` API which is sufficient.

Done.

> src/java.base/share/classes/sun/security/ssl/SunX509KeyManagerImpl.java line 395:
>
>> 393: if (SSLLogger.isOn && SSLLogger.isOn("keymanager")) {
>> 394: SSLLogger.fine("Ignore alias " + alias +
>> 395: ": certificate list does not conform to " +
>
> suggest saying "certificate chain" not "certificate list".

Done. Also changing the same message in `X509KeyManagerImpl`.

-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/25016#discussion_r2132920769
PR Review Comment: https://git.openjdk.org/jdk/pull/25016#discussion_r2132919667