RFR: 8359956: Support algorithm constraints and certificate checks in SunX509 key manager [v14]
Sean Mullan
mullan at openjdk.org
Tue Jul 29 19:27:57 UTC 2025
On Tue, 29 Jul 2025 19:19:15 GMT, Artur Barashev <abarashev at openjdk.org> wrote:
>> test/jdk/sun/security/ssl/X509KeyManager/CertChecking.java line 128:
>>
>>> 126: // --- Usage and expired test cases --
>>> 127:
>>> 128: // Both should fail with no usages at all
>>
>> Clarify what you mean by "Both should fail"? This test doesn't do a TLS handshake. Maybe what you want to comment on is the order when checking is enabled (i.e. cert with bad usage is always preferred last).
>
> Sounds good, changing it to "Both client and server should fail". `usageTestCase` method takes 2 boolean values to indicate whether to check for server and client failure.
But I am still confused by what you mean by fail? Typically that means catching an Exception and checking that it is expected.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/25016#discussion_r2240752548