On Tue, 28 Apr 2026 20:02:15 GMT, Jamil Nimeh <[email protected]> wrote:
>> Artur Barashev has updated the pull request incrementally with one
>> additional commit since the last revision:
>>
>> Client side does not need a certificate
>
> test/jdk/sun/security/ssl/SignatureScheme/TLSCurveMismatch.java line 166:
>
>> 164:
>> 165: TrustManagerFactory tmf =
>> TrustManagerFactory.getInstance("PKIX");
>> 166: tmf.init(ks);
>
> Not 100% sure, but do you think initializing the TMF via the keystore will
> give you different validation behavior than if it was initialized via
> PKIXParameters inserted in a ManagerFactoryParameters? Might that have some
> effect on the validation? It's a more complicated initialization, but it
> might also be a more real-world test case.
Not sure why we need to use PKIXParameters for this test, what custom
parameters would we specify with it? This test is not about cert path
validation. `SSLContextTemplate` is using the same TrustManager initialization
path.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/30944#discussion_r3157387294
