On Tue, 9 Sep 2025 16:37:02 GMT, Artur Barashev <[email protected]> wrote:
>> RSASSA-PSS is currently the only signature algorithm we support that comes
>> with algorithm parameters. We don't check for those parameters when
>> validating certificates against supported signature algorithm constraints.
>
> Artur Barashev has updated the pull request incrementally with one additional
> commit since the last revision:
>
> Address review comments
test/jdk/sun/security/ssl/SignatureScheme/RsaSsaPssConstraints.java line 1:
> 1: /*
How difficult would it be to add a test for "Rsa_pss_rsae_Sha384"? I think
certificates with the rsaEncryption OID are much more common, so it would be
good to add a test case for that.
test/jdk/sun/security/ssl/SignatureScheme/RsaSsaPssConstraints.java line 110:
> 108: algo + " usage CertificateSignature");
> 109:
> 110: for (String protocol : new String[]{"TLS", "TLSv1.2"}) {
I think you should test "TLSv1.3" specifically instead of "TLS", so we are sure
this test is testing 1.3.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/27146#discussion_r2334531774
PR Review Comment: https://git.openjdk.org/jdk/pull/27146#discussion_r2334486554
