On Thu, 4 Sep 2025 17:09:29 GMT, Artur Barashev <[email protected]> wrote:
> See X509KeyManagerCertChecking#getAlgorithmConstraints. If the handshake > session is not an ExtendedSSLSession, the method returns constraints using a > null list of peerSupportedSignAlgs, which in turn means that all certificates > will be rejected. Accepting all signature schemes would probably be a better > choice here, and that's what we do when the handshake session is not > available at all. > > The SunJSSE SSLSockets and SSLEngines both return extended SSL sessions. > There are no known third-party providers that return non-extended SSL > sessions. I missed the changeset for 8359956. Quite a bit of work there. LGTM also. ------------- Marked as reviewed by wetmore (Reviewer). PR Review: https://git.openjdk.org/jdk/pull/27106#pullrequestreview-3208318603
