--- old/src/java.base/share/classes/sun/security/util/DisabledAlgorithmConstraints.java 2016-10-12 10:43:54.059217785 -0700 +++ new/src/java.base/share/classes/sun/security/util/DisabledAlgorithmConstraints.java 2016-10-12 10:43:53.935217790 -0700 @@ -530,7 +530,8 @@ } throw new CertPathValidatorException( "Algorithm constraints check failed on certificate " + - "anchor limits", + "anchor limits. " + algorithm + " used with " + + cp.getCertificate().getSubjectX500Principal(), null, null, -1, BasicReason.ALGORITHM_CONSTRAINED); } } @@ -611,8 +612,8 @@ return; } throw new CertPathValidatorException( - "denyAfter constraint check failed. " + - "Constraint date: " + + "denyAfter constraint check failed: " + algorithm + + " used with Constraint date: " + dateFormat.format(denyAfterDate) + "; " + errmsg + dateFormat.format(currentDate), null, null, -1, BasicReason.ALGORITHM_CONSTRAINED); @@ -644,6 +645,7 @@ private int minSize; // the minimal available key size private int maxSize; // the maximal available key size private int prohibitedSize = -1; // unavailable key sizes + private int size; public KeySizeConstraint(String algo, Operator operator, int length) { algorithm = algo; @@ -695,7 +697,9 @@ return; } throw new CertPathValidatorException( - "Algorithm constraints check failed on keysize limits", + "Algorithm constraints check failed on keysize limits." + + algorithm + " " + size + "bit used with " + + cp.getCertificate().getSubjectX500Principal(), null, null, -1, BasicReason.ALGORITHM_CONSTRAINED); } } @@ -722,7 +726,7 @@ return true; } - int size = KeyUtil.getKeySize(key); + size = KeyUtil.getKeySize(key); if (size == 0) { return false; // we don't allow any key of size 0. } else if (size > 0) {