On Tue, 28 Apr 2026 15:52:13 GMT, Artur Barashev <[email protected]> wrote:
>> RFC 8446 Section 4.2.3: TLS 1.2 signature scheme curve doesn't have to match >> the signing curve. >> >> --------- >> - [x] I confirm that I make this contribution in accordance with the >> [OpenJDK Interim AI Policy](https://openjdk.org/legal/ai). > > Artur Barashev has updated the pull request incrementally with one additional > commit since the last revision: > > Client side does not need a certificate The fixes themselves look straightforward. I have a couple questions/comments on the test. test/jdk/sun/security/ssl/SignatureScheme/TLSCurveMismatch.java line 166: > 164: > 165: TrustManagerFactory tmf = > TrustManagerFactory.getInstance("PKIX"); > 166: tmf.init(ks); Not 100% sure, but do you think initializing the TMF via the keystore will give you different validation behavior than if it was initialized via PKIXParameters inserted in a ManagerFactoryParameters? Might that have some effect on the validation? It's a more complicated initialization, but it might also be a more real-world test case. test/jdk/sun/security/ssl/SignatureScheme/TLSCurveMismatch.java line 211: > 209: .setNotBefore( > 210: Date.from(Instant.now().minus(1, > ChronoUnit.HOURS))) > 211: .setNotAfter(Date.from(Instant.now().plus(1, > ChronoUnit.HOURS))) It seems like this could create a potential validity nesting issue, but it would likely take a really slow system such that the notAfter date of the end entity cert potentially could be one or two seconds later than the notAfter of its CA. test/jdk/sun/security/ssl/SignatureScheme/TLSCurveMismatch.java line 217: > 215: .addAuthorityKeyIdExt(caKey) > 216: .addKeyUsageExt(new boolean[]{ > 217: true, true, true, true, true, true, true}); For a TLS cert with an EC key on it, you shouldn't be setting CA key usage bit settings or things like encipher/decipherOnly. I'd just set bit 0 (digitalSignature). Similar story for a CA, it needs bit 5/6 (certs/crls) but really nothing else...you could add digital signature too. I'm actually kinda surprised that the PKIX validator didn't have an issue with these wide-open bit settings. ------------- PR Review: https://git.openjdk.org/jdk/pull/30944#pullrequestreview-4191895875 PR Review Comment: https://git.openjdk.org/jdk/pull/30944#discussion_r3156842625 PR Review Comment: https://git.openjdk.org/jdk/pull/30944#discussion_r3156797179 PR Review Comment: https://git.openjdk.org/jdk/pull/30944#discussion_r3156753311
