On Mon, 22 Feb 2021 17:07:58 GMT, Jamil Nimeh <jni...@openjdk.org> wrote:
>> This fix adjusts the SunJSSE provider's handling of the jdk.tls.[client | >> server].SignatureSchemes property and its effect on messages that assert the >> signature_algorithms and signature_algorithms_cert extensions, or >> supported_signature_algorithms vectors like those used in TLS 1.2 >> CertificateRequest messages. With this change, the ordering of the >> signature algorithms in the property value will be preserved in the ordering >> as integer identifiers in the messages itself. Prior to this fix the >> property algorithms will be asserted, but in the order as shown in the >> sun.security.ssl.SignatureAlgorithms enumeration. >> >> This does not affect the default ordering of these signature schemes when >> the property is not given a value. >> >> JBS: https://bugs.openjdk.java.net/browse/JDK-8255867 > > Jamil Nimeh has updated the pull request incrementally with one additional > commit since the last revision: > > Remove unnecessary import test/jdk/sun/security/ssl/SignatureScheme/SigSchemePropOrdering.java line 90: > 88: private static final String SIG_SCHEME_STR = > 89: "rsa_pkcs1_sha256,rsa_pss_rsae_sha256,rsa_pss_pss_sha256," + > 90: "ed448,ed25519,ecdsa_secp256r1_sha256"; It have been a while that we are trying to avoid the use the binary keystore files in test. It would be nice that if new test cases could use the javax/net/ssl/templates/javax/net/ssl/templates instead. src/java.base/share/classes/sun/security/ssl/SignatureScheme.java line 387: > 385: config.signatureSchemes.isEmpty() ? > 386: Arrays.asList(SignatureScheme.values()) : > 387: config.signatureSchemes; I would like to have two more indents for the '?' operator. ------------- PR: https://git.openjdk.java.net/jdk/pull/2658
