RFR: 8367104: Check for RSASSA-PSS parameters when validating certificates against algorithm constraints [v3]
Artur Barashev
abarashev at openjdk.org
Tue Sep 9 23:35:07 UTC 2025
On Tue, 9 Sep 2025 19:12:33 GMT, Sean Mullan <mullan at openjdk.org> wrote:
>> Artur Barashev has updated the pull request incrementally with one additional commit since the last revision:
>>
>> Address review comments
>
> test/jdk/sun/security/ssl/SignatureScheme/RsaSsaPssConstraints.java line 1:
>
>> 1: /*
>
> How difficult would it be to add a test for "Rsa_pss_rsae_Sha384"? I think certificates with the rsaEncryption OID are much more common, so it would be good to add a test case for that.
Not difficult at all, it's a good idea to add more tests, thanks!
> test/jdk/sun/security/ssl/SignatureScheme/RsaSsaPssConstraints.java line 110:
>
>> 108: algo + " usage CertificateSignature");
>> 109:
>> 110: for (String protocol : new String[]{"TLS", "TLSv1.2"}) {
>
> I think you should test "TLSv1.3" specifically instead of "TLS", so we are sure this test is testing 1.3.
Done!
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/27146#discussion_r2335084030
PR Review Comment: https://git.openjdk.org/jdk/pull/27146#discussion_r2335083547
More information about the security-dev
mailing list