On Tue, 29 Apr 2025 18:51:58 GMT, Sean Mullan <mul...@openjdk.org> wrote:
>> Artur Barashev has updated the pull request incrementally with one >> additional commit since the last revision: >> >> Skip explicit KeyPair initialization and let the provider default set it > > test/jdk/sun/security/tools/keytool/PrintSSL.java line 57: > >> 55: + "-keystore keystore -storepass passphrase " >> 56: + "-keypass passphrase -keyalg rsa -keysize 1024 " >> 57: + "-sigalg MD5withRSA -alias rsa_alias -dname >> CN=Server"); > > I think it would be better to use the current weak algorithms (as the comment > on line 53 notes) and set the server's keymanager to SunX509 (with the > `javax.net.ssl.keyStoreType` system prop) as it seems the purpose of this > test is to ensure `keytool -printcert -sslserver` can deal with weak > algorithms in certs. Indeed, good catch! ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/24756#discussion_r2067424166
