RSASSA-PSS is currently the only signature algorithm we support that comes with algorithm parameters. We don't check for those parameters when validating certificates against algorithm constraints.
------------- Commit messages: - 8367104: Check for RSASSA-PSS parameters when validating certificates against algorithm constraints Changes: https://git.openjdk.org/jdk/pull/27146/files Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=27146&range=00 Issue: https://bugs.openjdk.org/browse/JDK-8367104 Stats: 513 lines in 8 files changed: 353 ins; 114 del; 46 mod Patch: https://git.openjdk.org/jdk/pull/27146.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/27146/head:pull/27146 PR: https://git.openjdk.org/jdk/pull/27146
