On Wed, 10 Dec 2025 20:41:01 GMT, Sean Coffey <[email protected]> wrote:
>> Artur Barashev has updated the pull request incrementally with one
>> additional commit since the last revision:
>>
>> Only the last few sentences of javadoc are outdated
>
> src/java.base/share/classes/sun/security/ssl/X509TrustManagerImpl.java line
> 210:
>
>> 208:
>> 209: if (socket instanceof SSLSocket sslSocket &&
>> sslSocket.isConnected()) {
>> 210: session = sslSocket.getHandshakeSession();
>
> subtle change in the refactoring now that the session non-null check is
> delayed until the new `findTrustedCertificate` call.
> The `SSLAlgorithmConstraints.forEngine/forSocket/forQUIC` methods also
> reference the session before the `findTrustedCertificate` call . Have you
> ensured that a null session can't cause issue there ?
Yes, we have a check for session not being null there: `session instanceof
ExtendedSSLSession`
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/28275#discussion_r2608177687
