RFR: 8371721: Refactor checkTrusted methods in X509TrustManagerImpl [v4]
Bradford Wetmore
wetmore at openjdk.org
Tue Dec 16 22:50:55 UTC 2025
On Thu, 11 Dec 2025 19:08:03 GMT, Artur Barashev <abarashev at openjdk.org> wrote:
>> fair enough. SupportedSignatureAlgorithmConstraints constructor caters for this scenario at moment.
>
> Yes, if session is `null` we would allocate the constraints and then fail, before the refactoring we failed before allocating constraints. In practice, session is never null when we reach that code though.
Please document assumptions like this.
This is subtle, and it may take more cycles to maintain as it will likely have to be rediscovered.
I'm still not 100% sure the situation is clear in my brain: `SupportedSignatureAlgorithmConstraints` just disables later checks if the instance is missing.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/28275#discussion_r2624986822
More information about the security-dev
mailing list