RFR: 8367104: Check for RSASSA-PSS parameters when validating certificates against algorithm constraints
Artur Barashev
abarashev at openjdk.org
Mon Sep 8 15:36:50 UTC 2025
RSASSA-PSS is currently the only signature algorithm we support that comes with algorithm parameters. We don't check for those parameters when validating certificates against algorithm constraints.
-------------
Commit messages:
- 8367104: Check for RSASSA-PSS parameters when validating certificates against algorithm constraints
Changes: https://git.openjdk.org/jdk/pull/27146/files
Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=27146&range=00
Issue: https://bugs.openjdk.org/browse/JDK-8367104
Stats: 513 lines in 8 files changed: 353 ins; 114 del; 46 mod
Patch: https://git.openjdk.org/jdk/pull/27146.diff
Fetch: git fetch https://git.openjdk.org/jdk.git pull/27146/head:pull/27146
PR: https://git.openjdk.org/jdk/pull/27146
More information about the security-dev
mailing list