RFR: JDK-8166596: TLS support for the EdDSA signature algorithm [v3]
Jamil Nimeh
jnimeh at openjdk.java.net
Fri Nov 20 20:25:07 UTC 2020
On Fri, 20 Nov 2020 19:58:23 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> Jamil Nimeh has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains seven additional commits since the last revision:
>>
>> - Update test to account for JDK-8202343 fix
>> - Merge
>> - Merge
>> - Applied code review comments to tests
>> - Fix cut/paste error with ECDH-RSA key exchange
>> - Merge
>> - Initial EdDSA/TLS solution
>
> src/java.base/share/classes/sun/security/ssl/CertificateRequest.java line 139:
>
>> 137: if (cct.isAvailable) {
>> 138: cct.keyAlgorithm.forEach(key -> {
>> 139: if (!keyTypes.contains(key)) {
>
> Can this ever happen? Why not just `addAll`?
I wanted to make sure we didn't end up with duplicates if two different certificate types had the same underlying key type and also to deal with both well-formed certificate request messages or ones that erroneously reiterate the type. It is definitely an edge case.
-------------
PR: https://git.openjdk.java.net/jdk/pull/1197
More information about the security-dev
mailing list