RFR: 8367104: Check for RSASSA-PSS parameters when validating certificates against algorithm constraints [v2]
Artur Barashev
abarashev at openjdk.org
Tue Sep 9 17:00:54 UTC 2025
On Tue, 9 Sep 2025 16:03:49 GMT, Sean Mullan <mullan at openjdk.org> wrote:
>> Artur Barashev has updated the pull request incrementally with one additional commit since the last revision:
>>
>> More test cases
>
> src/java.base/share/classes/sun/security/ssl/SSLAlgorithmConstraints.java line 52:
>
>> 50:
>> 51: public enum SIGNATURE_CONSTRAINTS_MODE {
>> 52: NONE, // Don't check against any supported signatures
>
> Do we need NONE? I don't see it used anywhere.
Right, it's not being used currently, but I'd prefer to have it in case we need it in the future and just for overall code clarity.
> src/java.base/share/classes/sun/security/ssl/SSLAlgorithmConstraints.java line 311:
>
>> 309: supportedAlgorithms = null;
>> 310: supportedSignatureSchemes = null;
>> 311: checksDisabled = false;
>
> Not necessary to initialize, those are the defaults.
Right, I just coded it this way for clarity.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/27146#discussion_r2334234899
PR Review Comment: https://git.openjdk.org/jdk/pull/27146#discussion_r2334236370
More information about the security-dev
mailing list