On Thu, 5 Jun 2025 19:31:55 GMT, Sean Mullan <mul...@openjdk.org> wrote:
>> Artur Barashev has updated the pull request incrementally with one >> additional commit since the last revision: >> >> Make the test run on TLSv1.3 > > test/jdk/sun/security/ssl/X509KeyManager/PeerConstraintsCheck.java line 1: > >> 1: /* > > I am trying to figure out when the algorithm constraints are enabled, why the > key isn't being selected. I don't see anywhere that you are setting the > algorithm constraints property. > > Please add some more comments explaining how the exception case occurs. Hi @seanjmullan! This PR fixes both JDK-8353113 and JDK-8170706. So we have 2 new unit tests for each: 1. `AlgorithmConstraintsCheck`: tests JDK-8170706. BTW, I'm going to update the `@bug` tag in this test to `8170706` 2. `PeerConstraintsCheck`: tests JDK-8353113. No need to set any algorithm constraints because we test against the peer supported certificate signatures sent to us in "signature_algorithms"/"signature_algorithms_cert" extensions. I'll add a comment to this test with the explanation. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/25016#discussion_r2132486696
