RFR: 8359956: Support algorithm constraints and certificate checks in SunX509 key manager [v14]
Artur Barashev
abarashev at openjdk.org
Tue Jul 29 19:22:04 UTC 2025
On Tue, 29 Jul 2025 18:46:03 GMT, Sean Mullan <mullan at openjdk.org> wrote:
>> Artur Barashev has updated the pull request incrementally with one additional commit since the last revision:
>>
>> Address review comments
>
> test/jdk/sun/security/ssl/X509KeyManager/CertChecking.java line 128:
>
>> 126: // --- Usage and expired test cases --
>> 127:
>> 128: // Both should fail with no usages at all
>
> Clarify what you mean by "Both should fail"? This test doesn't do a TLS handshake. Maybe what you want to comment on is the order when checking is enabled (i.e. cert with bad usage is always preferred last).
Sounds good, changing it to "Both client and server should fail". `usageTestCase` method takes 2 boolean values to indicate whether to check for server and client failure.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/25016#discussion_r2240741713
More information about the security-dev
mailing list