RFR: 8371721: Refactor checkTrusted methods in X509TrustManagerImpl [v4]
Artur Barashev
abarashev at openjdk.org
Wed Dec 17 04:24:04 UTC 2025
On Tue, 16 Dec 2025 22:40:44 GMT, Bradford Wetmore <wetmore at openjdk.org> wrote:
>> Yes, if session is `null` we would allocate the constraints and then fail; before the refactoring we failed before allocating constraints. In practice, session is never null when we reach that code though.
>
> Please document assumptions like this.
>
> This is subtle, and it may take more cycles to maintain as it will likely have to be rediscovered.
>
> I'm still not 100% sure the situation is clear in my brain: `SupportedSignatureAlgorithmConstraints` just disables later checks if the instance is missing.
No functional change here. I just noted that after the refactoring, if we fail because session is null, we would first allocate the constraints object. I'm not assuming that `In practice, session is never null when we reach that code`, just stating the current state of the code. Functionality is unchanged with session being null after the refactoring.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/28275#discussion_r2625543160