On Wed, 23 Apr 2025 17:54:38 GMT, Anthony Scarpino <ascarp...@openjdk.org>
wrote:
>> The current key manager is SunX509, which is configured in the
>> java.security. The SunX509 algorithm does not check the local certificate.
>> The PKIX algorithm should be preferred now so that the default key manager
>> could be more robust.
>
> test/jdk/sun/net/www/protocol/https/HttpsClient/ServerIdentityTest.java line
> 147:
>
>> 145:
>> 146: KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
>> 147: kpg.initialize(2048);
>
> I would not specify the key size and let the provider default set it. That
> could expose any problems between constraints and provider defaults, also it
> future proofs the test when key sizes are increased some day in the future.
I see! I'll update the test, thanks!
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/24756#discussion_r2058574827
