On Wed, 17 Sep 2025 15:30:44 GMT, Artur Barashev <[email protected]> wrote:
>> RSASSA-PSS is currently the only signature algorithm we support that comes >> with algorithm parameters. We don't check for those parameters when >> validating certificates against supported signature algorithm constraints. > > Artur Barashev has updated the pull request incrementally with two additional > commits since the last revision: > > - Cleaner certpath validation solution > - Alternative solution for JDK-8367104 src/java.base/share/classes/sun/security/validator/PKIXValidator.java line 264: > 262: X509Certificate last = chain[chain.length - 1]; > 263: X500Principal issuer = last.getIssuerX500Principal(); > 264: X500Principal subject = last.getSubjectX500Principal(); unused variable. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/27146#discussion_r2356795259
