RFR: 8367104: Check for RSASSA-PSS parameters when validating certificates against algorithm constraints [v11]
Sean Mullan
mullan at openjdk.org
Thu Sep 18 13:21:53 UTC 2025
On Wed, 17 Sep 2025 21:58:48 GMT, Artur Barashev <abarashev at openjdk.org> wrote:
>> src/java.base/share/classes/sun/security/provider/certpath/PKIXCertPathValidator.java line 216:
>>
>>> 214: }
>>> 215:
>>> 216: // Set trust anchor for the user-specified AlgorithmChecker.
>>
>> AlgorithmChecker is an internal class, so probably won't be passed in by a user. Probably just say "any passed-in AlgorithmChecker".
>
> The meaning is that's a user-specified checker, same as a comment [here](https://github.com/openjdk/jdk/blob/e1071797a4f0ab1a6af29824a777a7800d729b0e/src/java.base/share/classes/sun/security/provider/certpath/SunCertPathBuilder.java#L420). Please also see `add user-specified checkers` comment a few lines below. So I used this wording for consistency with existing comments.
Ok.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/27146#discussion_r2359259924
More information about the security-dev
mailing list