On Mon, 27 Apr 2026 08:07:46 GMT, Daniel Jeliński <[email protected]> wrote:
>> Artur Barashev has updated the pull request incrementally with one >> additional commit since the last revision: >> >> Typo fix > > test/jdk/javax/net/ssl/ServerName/SNIWildcardMatching.java line 173: > >> 171: Certificate[] chain = new Certificate[2]; >> 172: chain[0] = keyCertificate; >> 173: chain[1] = trustedCertificate; > > The trusted certificate is usually not included in the chain. Remove? We need the same `trustedCertificate` in the key stores of both the client and the server to trust each other. > test/jdk/javax/net/ssl/ServerName/SNIWildcardMatching.java line 197: > >> 195: var caKeys = kpg.generateKeyPair(); >> 196: serverKeys = kpg.generateKeyPair(); >> 197: clientKeys = kpg.generateKeyPair(); > > did you intend to enable client authorization? Otherwise the client certs > appear to be unused. Yes, it's not really needed for this test, but removing it will make the code rather confusing. Technically client and server can use the same SSLContext for this test. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/30927#discussion_r3150297152 PR Review Comment: https://git.openjdk.org/jdk/pull/30927#discussion_r3150292044
