On Fri, 20 Jun 2025 13:58:24 GMT, Sean Mullan <mul...@openjdk.org> wrote:
>> Artur Barashev has updated the pull request incrementally with one >> additional commit since the last revision: >> >> Update system property name in one more test > > test/jdk/sun/security/mscapi/ShortRSAKeyWithinTLS.java line 238: > >> 236: // Disable KeyManager's algorithm constraints checking. >> 237: System.setProperty( >> 238: "jdk.tls.SunX509keymanager.certSelectionChecking", >> "false"); > > What if you instead just removed "RSA keySize < 1024" from the > `jdk.certpath.disabledAlgorithms` security property - would this test still > pass? This way you could still test the other parts of the cert selection > code. > > This same comment applies to other tests where you have set the > `jdk.tls.SunX509keymanager.certSelectionChecking` property to false. Done, good point! It works for this particular test but the same approach doesn't work for other tests because they either rely on TrustManager do the constraints checks or MD5 algorithm being blocks by TLSv1.3 spec. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/25016#discussion_r2159457776
