On Mon, 24 Feb 2025 18:47:44 GMT, Artur Barashev <abaras...@openjdk.org> wrote:
> * Different code path and logic behind current `UsageConstraint` > implementation. I think we discussed it already at our meeting and we agreed > to intercept this special TLS usage before it's consumed by constraints class. We may have had a different thought in deviating from `UsageConstraint`. I didn't think a different processing path was necessary to handle this case, it was something like `UsageConstraint.permit(SSLCryptoScope)` could process this differently than the current `permit(ConstraintParameters)` as that was certificate related. I don't see anything special about this constraint that needs special handling. > > * We can't just disregard a UsageConstraint that had a non-null > nextConstraint, we can have multiple scopes. > > * The ampersand `&` is actually used between different constraints > (`usage` and `keysize` for example). For the `usage` constraint we have a > space-separated list of usages, and we can't mix TLS-specific usages with > other usages. If you are ok leaving `&` support, ok. I remember you were concerned about it previously. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/23681#discussion_r1968310981
