RFR: 8367104: Check for RSASSA-PSS parameters when validating certificates against algorithm constraints [v11]
Artur Barashev
abarashev at openjdk.org
Wed Sep 17 22:03:53 UTC 2025
On Wed, 17 Sep 2025 21:02:33 GMT, Sean Mullan <mullan at openjdk.org> wrote:
>> Artur Barashev has updated the pull request incrementally with one additional commit since the last revision:
>>
>> Remove unused import. Adjust comments.
>
> src/java.base/share/classes/sun/security/provider/certpath/PKIXCertPathValidator.java line 216:
>
>> 214: }
>> 215:
>> 216: // Set trust anchor for the user-specified AlgorithmChecker.
>
> AlgorithmChecker is an internal class, so probably won't be passed in by a user. Probably just say "any passed-in AlgorithmChecker".
The meaning is that's a user-specified checker, same as a comment [here](https://github.com/openjdk/jdk/blob/e1071797a4f0ab1a6af29824a777a7800d729b0e/src/java.base/share/classes/sun/security/provider/certpath/SunCertPathBuilder.java#L420). Please also see `add user-specified checkers` comment a few lines below. So I used this wording for consistency with existing comments.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/27146#discussion_r2356876903
More information about the security-dev
mailing list