> RSASSA-PSS is currently the only signature algorithm we support that comes > with algorithm parameters. We don't check for those parameters when > validating certificates against supported signature algorithm constraints.
Artur Barashev has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains eight commits: - Merge branch 'master' into Check_RSASSA-PSS_cert_params # Conflicts: # src/java.base/share/classes/sun/security/ssl/X509KeyManagerCertChecking.java - Add a TrustManager check - Fix key algorithm bug. Add more test cases - Use null instead of SIGNATURE_CONSTRAINTS_MODE.NONE - Use default constraints if SIGNATURE_CONSTRAINTS_MODE is NONE. Log warning and return true on InvalidParameterSpecException - Address review comments - More test cases - 8367104: Check for RSASSA-PSS parameters when validating certificates against algorithm constraints ------------- Changes: https://git.openjdk.org/jdk/pull/27146/files Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=27146&range=07 Stats: 580 lines in 8 files changed: 427 ins; 106 del; 47 mod Patch: https://git.openjdk.org/jdk/pull/27146.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/27146/head:pull/27146 PR: https://git.openjdk.org/jdk/pull/27146
