RFR: JDK-8166596: TLS support for the EdDSA signature algorithm [v3]

Weijun Wang weijun at openjdk.java.net
Sat Nov 21 02:03:12 UTC 2020


On Fri, 20 Nov 2020 20:22:33 GMT, Jamil Nimeh <jnimeh at openjdk.org> wrote:

>> src/java.base/share/classes/sun/security/ssl/CertificateRequest.java line 139:
>> 
>>> 137:                 if (cct.isAvailable) {
>>> 138:                     cct.keyAlgorithm.forEach(key -> {
>>> 139:                         if (!keyTypes.contains(key)) {
>> 
>> Can this ever happen? Why not just `addAll`?
>
> I wanted to make sure we didn't end up with duplicates if two different certificate types had the same underlying key type and also to deal with both well-formed certificate request messages or ones that erroneously reiterate the type.  It is definitely an edge case.

OK.

-------------

PR: https://git.openjdk.java.net/jdk/pull/1197



More information about the security-dev mailing list