On Thu, 4 Sep 2025 17:09:29 GMT, Artur Barashev <[email protected]> wrote:

> See X509KeyManagerCertChecking#getAlgorithmConstraints. If the handshake 
> session is not an ExtendedSSLSession, the method returns constraints using a 
> null list of peerSupportedSignAlgs, which in turn means that all certificates 
> will be rejected. Accepting all signature schemes would probably be a better 
> choice here, and that's what we do when the handshake session is not 
> available at all.
> 
> The SunJSSE SSLSockets and SSLEngines both return extended SSL sessions. 
> There are no known third-party providers that return non-extended SSL 
> sessions.

This pull request has now been integrated.

Changeset: 4ea8979b
Author:    Artur Barashev <[email protected]>
URL:       https://git.openjdk.org/jdk/commit/4ea8979b93f80e9ecbc197ee12ceb523ef8da6aa
Stats:     451 lines in 3 files changed: 406 ins; 14 del; 31 mod

8365953: Key manager returns no certificates when handshakeSession is not an 
ExtendedSSLSession

Reviewed-by: djelinski, wetmore

-------------

PR: https://git.openjdk.org/jdk/pull/27106
