On Mon, 27 Apr 2026 21:29:08 GMT, Artur Barashev <[email protected]> wrote:
>> test/jdk/javax/net/ssl/ServerName/SNIWildcardMatching.java line 197: >> >>> 195: var caKeys = kpg.generateKeyPair(); >>> 196: serverKeys = kpg.generateKeyPair(); >>> 197: clientKeys = kpg.generateKeyPair(); >> >> did you intend to enable client authorization? Otherwise the client certs >> appear to be unused. > > Yes, it's not really needed for this test, but removing it will make the code > rather confusing. Technically client and server can use the same SSLContext > for this test. Yeah, but creating certificates that are unused is even more confusing. I'd prefer to use the same key store on both ends, or a set up similar to [CriticalSubjectAltName](https://github.com/openjdk/jdk/blob/3e5b5dde7ad14d49371cf58f3238c71091b4d0a2/test/jdk/javax/net/ssl/HttpsURLConnection/CriticalSubjectAltName.java#L171-L180) where the client only configures a trust manager and no key manager. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/30927#discussion_r3152459716
