On Thu, 4 Sep 2025 17:09:29 GMT, Artur Barashev <[email protected]> wrote:
> See X509KeyManagerCertChecking#getAlgorithmConstraints. If the handshake > session is not an ExtendedSSLSession, the method returns constraints using a > null list of peerSupportedSignAlgs, which in turn means that all certificates > will be rejected. Accepting all signature schemes would probably be a better > choice here, and that's what we do when the handshake session is not > available at all. > > The SunJSSE SSLSockets and SSLEngines both return extended SSL sessions. > There are no known third-party providers that return non-extended SSL > sessions. LGTM. ------------- Marked as reviewed by djelinski (Reviewer). PR Review: https://git.openjdk.org/jdk/pull/27106#pullrequestreview-3188310642
