RFR: 8367104: Check for RSASSA-PSS parameters when validating certificates against algorithm constraints [v2]
Artur Barashev
abarashev at openjdk.org
Tue Sep 9 18:18:44 UTC 2025
On Tue, 9 Sep 2025 16:57:21 GMT, Artur Barashev <abarashev at openjdk.org> wrote:
>> src/java.base/share/classes/sun/security/ssl/SSLAlgorithmConstraints.java line 52:
>>
>>> 50:
>>> 51: public enum SIGNATURE_CONSTRAINTS_MODE {
>>> 52: NONE, // Don't check against any supported signatures
>>
>> Do we need NONE? I don't see it used anywhere.
>
> Right, it's not being used currently, but I'd prefer to have it in case we need it in the future and just for overall code clarity.
On the 2nd thought, we can just use `null` instead.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/27146#discussion_r2334405812
More information about the security-dev
mailing list