On Thu, 18 Sep 2025 21:39:31 GMT, Artur Barashev <[email protected]> wrote:
>> RSASSA-PSS is currently the only signature algorithm we support that comes >> with algorithm parameters. We don't check for those parameters when >> validating certificates against supported signature algorithm constraints. > > Artur Barashev has updated the pull request incrementally with one additional > commit since the last revision: > > Add exception's cause type check test/jdk/sun/security/ssl/X509TrustManagerImpl/CertChainAlgorithmConstraints.java line 183: > 181: assertTrue(ex instanceof ValidatorException); > 182: assertTrue( > 183: ex.getCause() instanceof > SunCertPathBuilderException); What about the cause's message? Can you check for a constraints check failed in the message to eliminate failures due to the wrong reason? ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/27146#discussion_r2361275518
