On Thu, 13 Feb 2025 19:45:19 GMT, Sean Mullan <mul...@openjdk.org> wrote:
>> This fix makes some minor changes to the internals of the >> `CertificateBuilder` and `SimpleOCSPServer` test classes. They would break >> when ML-DSA was selected as key and signing algorithms. Also RSASSA-PSS >> works better now with these changes. I've also taken this opportunity to do >> some cleanup on CertificateBuilder and added a method which uses a default >> signing algorithm based on the key, so the `build()` method no longer needs >> to provide that algorithm (though one can if they wish for things like RSA >> signatures if they want a different message digest in the signature). > > test/lib-test/jdk/test/lib/security/CPVAlgTestWithOCSP.java line 1: > >> 1: /* > > This test seems to be the more significant reason for this change - should > the issue be renamed to something like "Add OCSP tests for various signature > algorithms including PQC algorithms". The enhancements to the test library > would then be more as an additional improvement in order to support this new > test. Also, should it be moved to somewhere else like jdk/test/sun/security/provider/certpath? ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/23566#discussion_r1955130339
