# HG changeset patch
# User xuelei
# Date 1484849004 0
# Node ID 937cb78b2016dd9184164eaec90be53af14bcad7
# Parent  566b551b7820532bb7493bf207b63b67145fadc5
8173066: More verbose debug output for selection of X509 certs
Reviewed-by: coffeys

diff -r 566b551b7820 -r 937cb78b2016 jdk/src/java.base/share/classes/sun/security/ssl/X509KeyManagerImpl.java
--- a/jdk/src/java.base/share/classes/sun/security/ssl/X509KeyManagerImpl.java	Thu Jan 19 09:27:24 2017 -0800
+++ b/jdk/src/java.base/share/classes/sun/security/ssl/X509KeyManagerImpl.java	Thu Jan 19 18:03:24 2017 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2004, 2017, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -818,6 +818,11 @@
             checker.init(false);
         } catch (CertPathValidatorException cpve) {
             // unlikely to happen
+            if (useDebug) {
+                debug.println(
+                    "Cannot initialize algorithm constraints checker: " + cpve);
+            }
+
             return false;
         }
 
@@ -828,6 +833,11 @@
                 // We don't care about the unresolved critical extensions.
                 checker.check(cert, Collections.<String>emptySet());
             } catch (CertPathValidatorException cpve) {
+                if (useDebug) {
+                    debug.println("Certificate (" + cert +
+                        ") does not conform to algorithm constraints: " + cpve);
+                }
+
                 return false;
             }
         }