changeset 16528:81c264945b57

8173066: More verbose debug output for selection of X509 certs Reviewed-by: coffeys
author xuelei
date Thu, 19 Jan 2017 18:03:24 +0000
parents 547ea8de63cf
children fe9b621d7ae2
files src/java.base/share/classes/sun/security/ssl/X509KeyManagerImpl.java
diffstat 1 files changed, 11 insertions(+), 1 deletions(-) [+]
line wrap: on
line diff
--- a/src/java.base/share/classes/sun/security/ssl/X509KeyManagerImpl.java	Thu Jan 19 09:27:24 2017 -0800
+++ b/src/java.base/share/classes/sun/security/ssl/X509KeyManagerImpl.java	Thu Jan 19 18:03:24 2017 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2004, 2017, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -818,6 +818,11 @@
             checker.init(false);
         } catch (CertPathValidatorException cpve) {
             // unlikely to happen
+            if (useDebug) {
+                debug.println(
+                    "Cannot initialize algorithm constraints checker: " + cpve);
+            }
+
             return false;
         }
 
@@ -828,6 +833,11 @@
                 // We don't care about the unresolved critical extensions.
                 checker.check(cert, Collections.<String>emptySet());
             } catch (CertPathValidatorException cpve) {
+                if (useDebug) {
+                    debug.println("Certificate (" + cert +
+                        ") does not conform to algorithm constraints: " + cpve);
+                }
+
                 return false;
             }
         }