RFR: 8367104: Check for RSASSA-PSS parameters when validating certificates against algorithm constraints [v10]
Artur Barashev
abarashev at openjdk.org
Wed Sep 17 15:30:44 UTC 2025
> RSASSA-PSS is currently the only signature algorithm we support that comes with algorithm parameters. We don't check for those parameters when validating certificates against supported signature algorithm constraints.
Artur Barashev has updated the pull request incrementally with two additional commits since the last revision:
- Cleaner certpath validation solution
- Alternative solution for JDK-8367104
-------------
Changes:
- all: https://git.openjdk.org/jdk/pull/27146/files
- new: https://git.openjdk.org/jdk/pull/27146/files/85a7b6f1..0be01de0
Webrevs:
- full: https://webrevs.openjdk.org/?repo=jdk&pr=27146&range=09
- incr: https://webrevs.openjdk.org/?repo=jdk&pr=27146&range=08-09
Stats: 49 lines in 4 files changed: 6 ins; 34 del; 9 mod
Patch: https://git.openjdk.org/jdk/pull/27146.diff
Fetch: git fetch https://git.openjdk.org/jdk.git pull/27146/head:pull/27146
PR: https://git.openjdk.org/jdk/pull/27146
More information about the security-dev
mailing list