On Mon, 22 Feb 2021 17:07:58 GMT, Jamil Nimeh <
[hidden email]> wrote:
>> This fix adjusts the SunJSSE provider's handling of the jdk.tls.[client | server].SignatureSchemes property and its effect on messages that assert the signature_algorithms and signature_algorithms_cert extensions, or supported_signature_algorithms vectors like those used in TLS 1.2 CertificateRequest messages. With this change, the ordering of the signature algorithms in the property value will be preserved in the ordering as integer identifiers in the messages itself. Prior to this fix the property algorithms will be asserted, but in the order as shown in the sun.security.ssl.SignatureAlgorithms enumeration.
>>
>> This does not affect the default ordering of these signature schemes when the property is not given a value.
>>
>> JBS:
https://bugs.openjdk.java.net/browse/JDK-8255867>
> Jamil Nimeh has updated the pull request incrementally with one additional commit since the last revision:
>
> Remove unnecessary import
test/jdk/sun/security/ssl/SignatureScheme/SigSchemePropOrdering.java line 90:
> 88: private static final String SIG_SCHEME_STR =
> 89: "rsa_pkcs1_sha256,rsa_pss_rsae_sha256,rsa_pss_pss_sha256," +
> 90: "ed448,ed25519,ecdsa_secp256r1_sha256";
It have been a while that we are trying to avoid the use the binary keystore files in test. It would be nice that if new test cases could use the javax/net/ssl/templates/javax/net/ssl/templates instead.
src/java.base/share/classes/sun/security/ssl/SignatureScheme.java line 387:
> 385: config.signatureSchemes.isEmpty() ?
> 386: Arrays.asList(SignatureScheme.values()) :
> 387: config.signatureSchemes;
I would like to have two more indents for the '?' operator.
-------------
PR:
https://git.openjdk.java.net/jdk/pull/2658
Locked
