On Tue, 10 Jun 2025 22:55:31 GMT, Artur Barashev <abaras...@openjdk.org> wrote:

>> src/java.base/share/classes/sun/security/ssl/CertificateMessage.java line 
>> 1221:
>> 
>>> 1219:                         tm.checkClientTrusted(
>>> 1220:                                 certs.clone(),
>>> 1221:                                 authType);
>> 
>> This call doesn't check against `SSLAlgorithmConstraints` unlike 2 calls for 
>> `SSLSocket` and `SSLEngine` above.
>
> What would be the reason it's not addressed like in `checkServerCerts` below?

That will be addressed in the next update.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/24751#discussion_r2166438709

Reply via email to