RFR: 8359956: Support algorithm constraints and certificate checks in SunX509 key manager [v14]
Artur Barashev
abarashev at openjdk.org
Tue Jul 29 20:38:58 UTC 2025
On Tue, 29 Jul 2025 19:50:16 GMT, Sean Mullan <mullan at openjdk.org> wrote:
>> Artur Barashev has updated the pull request incrementally with one additional commit since the last revision:
>>
>> Address review comments
>
> src/java.base/share/classes/sun/security/ssl/X509KeyManagerCertChecking.java line 58:
>
>> 56: * Layer that adds algorithm constraints and certificate checking to a key
>> 57: * manager.
>> 58: */
>
> Can you add some more comments about the algorithm it uses for selecting certificates (when certChecking is enabled)? In other words, what the preference order is for selecting certs, and which certificates are not chosen due to disabled algs, or other reasons. You can probably copy some/most of this from the comments in `X509KeyManagerImpl`.
Done, thanks!
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/25016#discussion_r2240958831
More information about the security-dev
mailing list