On Mon, 30 Aug 2021 15:50:19 GMT, Weijun Wang <wei...@openjdk.org> wrote:

>> Did you mean to change hc.peerRequestedCertSignSchemes to String?  This 
>> field would be used for algorithm constraints and more parameters are 
>> required there.
>
> No, I meant changing the type of the `certScheme` argument in
> 
>     static SignatureScheme getPreferableAlgorithm(
>             AlgorithmConstraints constraints,
>             List<SignatureScheme> schemes,
>             SignatureScheme certScheme,
>             ProtocolVersion version) {
> 
> to `String`. Since we are only putting `ss.keyAlgorithm` value into the 
> checked type list, we need to make sure we only check on `keyAlgorithm` 
> now. My concern is that suppose one day we decide to check on `ss.namedGroup` 
> as well, then we will remember to update this method and the checked list at 
> the same time.

I don't think so.  In logic, we should check the SignatureScheme here rather 
than the String key algorithm.  If we need an update in the future, we may want 
to update the following-on methods, like key manager APIs.

-------------

PR: https://git.openjdk.java.net/jdk/pull/5257
