RFR: 8367104: Check for RSASSA-PSS parameters when validating certificates against algorithm constraints [v8]
Sean Mullan
mullan at openjdk.org
Fri Sep 12 13:21:40 UTC 2025
On Thu, 11 Sep 2025 19:57:48 GMT, Artur Barashev <abarashev at openjdk.org> wrote:
>> src/java.base/share/classes/sun/security/ssl/SSLAlgorithmConstraints.java line 312:
>>
>>> 310: checksDisabled = false;
>>> 311:
>>> 312: if (mode == null
>>
>> I can't find any code where `mode` can be `null`.
>
> There is no such code currently. But if somebody makes a call with `null` mode in the future it will create `SupportedSignatureAlgorithmConstraints` object that will always return `false` on permit calls because of the `if (supportedAlgorithms == null || supportedAlgorithms.isEmpty())` check below. So I think it makes sense to check for it here.
Ok.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/27146#discussion_r2344215826
More information about the security-dev
mailing list