On Fri, 23 May 2025 15:54:59 GMT, Artur Barashev <abaras...@openjdk.org> wrote:

>> test/jdk/sun/security/ssl/SSLSessionImpl/ResumeChecksServer.java line 227:
>> 
>>> 225:                         // algorithm to constraints so local certificates
>>> 226:                         // can't be restored from the session ticket.
>>> 227:                         params.setAlgorithmConstraints(
>> 
>> Isn't this a repeat of the SIGNATURE_SCHEME test above?
>
> Hi Daniel!
> 
> 1. You can see that I've modified the `ResumeChecksServer` SIGNATURE_SCHEME case
> to block signature scheme names specifically, not algorithm names like
> before. This test case was created for
> [this check](https://github.com/openjdk/jdk/blob/48df41b6997cfe2c8aa3bc46ea25eff01f615d31/src/java.base/share/classes/sun/security/ssl/PreSharedKeyExtension.java#L468)
> which was done as part of
> [JDK-8206929](https://bugs.openjdk.org/browse/JDK-8206929) and that's the
> reason I've kept `localSupportedSignAlgs` in the session ticket.
> 2. About the LOCAL_CERTS case I've added: it blocks the initial session's
> certificate signature algorithm specifically so it's not returned with the
> new possession when we restore the session. You can comment out all the other
> cases from ResumeChecksServerStateless.java and run just the LOCAL_CERTS case
> with the `-Djavax.net.debug=ssl` option and observe the
> `Local certificates can not be restored` message in the logs. I also ran this
> test under a debugger to confirm things.

Thanks for the explanation!

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/25310#discussion_r2105178575
