On Tue, 10 Jun 2025 22:55:31 GMT, Artur Barashev <abaras...@openjdk.org> wrote:
>> src/java.base/share/classes/sun/security/ssl/CertificateMessage.java line >> 1221: >> >>> 1219: tm.checkClientTrusted( >>> 1220: certs.clone(), >>> 1221: authType); >> >> This call doesn't check against `SSLAlgorithmConstraints` unlike 2 calls for >> `SSLSocket` and `SSLEngine` above. > > What would be the reason it's not addressed like in `checkServerCerts` below? That will be addressed in the next update. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/24751#discussion_r2166438709