RFR: 8365820: Apply certificate scope constraints to algorithms in "signature_algorithms" extension when "signature_algorithms_cert" extension is not being sent [v5]
Artur Barashev
abarashev at openjdk.org
Tue Sep 16 18:15:37 UTC 2025
On Wed, 10 Sep 2025 15:46:35 GMT, Hai-May Chao <hchao at openjdk.org> wrote:
>> Artur Barashev has updated the pull request incrementally with one additional commit since the last revision:
>>
>> Add a server-side unit test. Rename existing tests.
>
> test/jdk/sun/security/ssl/SignatureScheme/DisableSignatureSchemePerScopeTLS12.java line 56:
>
>> 54: + CERTIFICATE_DISABLED_SIG + " usage certificateSignature";
>> 55:
>> 56: // Signature schemes not supported in TLSv1.3 for the handshake
>
> Add this bug number to the list of @bug
Done, thanks!
> test/jdk/sun/security/ssl/SignatureScheme/DisableSignatureSchemePerScopeTLS13.java line 68:
>
>> 66: SIG_ALGS_EXT);
>> 67:
>> 68: // These signature schemes MOST NOT be present in signature_algorithms
>
> Bug number to be added to @bug
Done.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/26887#discussion_r2353283675
PR Review Comment: https://git.openjdk.org/jdk/pull/26887#discussion_r2353286216
More information about the security-dev
mailing list