On Tue, 29 Jul 2025 19:50:16 GMT, Sean Mullan <mul...@openjdk.org> wrote:
>> Artur Barashev has updated the pull request incrementally with one >> additional commit since the last revision: >> >> Address review comments > > src/java.base/share/classes/sun/security/ssl/X509KeyManagerCertChecking.java > line 58: > >> 56: * Layer that adds algorithm constraints and certificate checking to a >> key >> 57: * manager. >> 58: */ > > Can you add some more comments about the algorithm it uses for selecting > certificates (when certChecking is enabled)? In other words, what the > preference order is for selecting certs, and which certificates are not > chosen due to disabled algs, or other reasons. You can probably copy > some/most of this from the comments in `X509KeyManagerImpl`. Done, thanks! ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/25016#discussion_r2240958831
