On Tue, 22 Apr 2025 19:36:00 GMT, Artur Barashev <abaras...@openjdk.org> wrote:
>> Daniel Fuchs has updated the pull request with a new target base due to a >> merge or a rebase. The pull request now contains 499 commits: >> >> - merge latest changes from master branch >> - http3: improve H3ConnectionPoolTest.java >> - Fix snippet >> - Improve key destruction >> - merge latest changes from master branch >> - http3: fix bug introduced by Http3ConnectionPool and improved debug logs >> - http3: refactor HTTP/3 connection pool management in a separate class >> - Ignore DestroyFailedExceptions >> - Remove outdated TODO >> - Remove outdated TODO >> - ... and 489 more: https://git.openjdk.org/jdk/compare/65fda5c0...a5a0c7f8 > > src/java.base/share/classes/sun/security/ssl/CertificateMessage.java line > 1221: > >> 1219: tm.checkClientTrusted( >> 1220: certs.clone(), >> 1221: authType); > > This call doesn't check against `SSLAlgorithmConstraints` unlike 2 calls for > `SSLSocket` and `SSLEngine` above. What would be the reason it's not addressed like in `checkServerCerts` below? ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/24751#discussion_r2138892993
