On Thu, 18 Sep 2025 18:39:00 GMT, Artur Barashev <[email protected]> wrote:
>> RSASSA-PSS is currently the only signature algorithm we support that comes
>> with algorithm parameters. We don't check for those parameters when
>> validating certificates against supported signature algorithm constraints.
>
> Artur Barashev has updated the pull request incrementally with one additional
> commit since the last revision:
>
> Algorithm Constraints unit test for a mixed-up and valid cert chains
test/jdk/sun/security/ssl/X509TrustManagerImpl/CertChainAlgorithmConstraints.java
line 179:
> 177: ex -> {
> 178: assertTrue(ex instanceof ValidatorException);
> 179: assertEquals(ex.getMessage(),
Can you check the cause (CertPathBuilderExc) for a similar exception message as
in lines 191-196?
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/27146#discussion_r2361215184
