On Tue, 17 Nov 2020 19:47:37 GMT, Jamil Nimeh <jni...@openjdk.org> wrote:
>> test/jdk/javax/net/ssl/TLSCommon/TLSWithEdDSA.java line 583:
>>
>>> 581: serverParameters.put(ParamType.CERTALIAS, "EE_ED25519");
>>> 582: runtest(testFormat, isPeerEd25519, null, null, null);
>>> 583: serverParameters.remove(ParamType.CERTALIAS);
>>
>> I did not get the idea here. Is there a special case in practice that uses a
>> similar key manager like the AliasKeyManager?
>
> Right now, for TLS 1.0/1.1 EC certificates will be favored over EdDSA
> certificates in keystores that have valid certificates with both kinds of
> keys. There's nothing we can do about that because 1.0/1.1 has no signaling
> mechanism to indicate signature preference like 1.2+ has. Given that, I was
> thinking of ways to get around that restriction and one case I thought of was
> the Tomcat connector, which has options to specify a certificate for use by
> alias. I wanted to make sure that we could still do that for 1.0/1.1 and it
> wouldn't break so I cooked up this simple KeyManager and ran a basic
> connection, expecting to see the cert specified by the alias.

Got it. Thanks!

-------------

PR: https://git.openjdk.java.net/jdk/pull/1197