On Tue, 28 Apr 2026 08:00:36 GMT, Daniel Jeliński <[email protected]> wrote:
>> We need the same `trustedCertificate` in the key stores of both the client >> and the server to trust each other. > > To verify that the server certificate chain is trusted, the client uses the > `setCertificateEntry` entry you set up a few lines before. It does not need > to be included in the chain. > > See > [CriticalSubjectAltName.java](https://github.com/openjdk/jdk/blob/3e5b5dde7ad14d49371cf58f3238c71091b4d0a2/test/jdk/javax/net/ssl/HttpsURLConnection/CriticalSubjectAltName.java#L157-L159) > for an example that does not include trustedCertificate in the chain. Indeed, I'll make the changes, thanks! ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/30927#discussion_r3154006831
