On Mon, 30 Aug 2021 20:19:00 GMT, Weijun Wang <wei...@openjdk.org> wrote:
>> This code change collects all key types and runs `chooseClientAlias` only
>> once.
>
> Weijun Wang has updated the pull request incrementally with one additional
> commit since the last revision:
>
> after feedback
src/java.base/share/classes/sun/security/ssl/CertificateMessage.java line 1046:
> 1044:
> 1045: Collection<String> checkedKeyTypes = new HashSet<>();
> 1046: List<String> allAuths = new ArrayList<>();
The name is not clear enough to me. I may use something like
"supportedKeyTypes" or "availableKeyAlgs.
src/java.base/share/classes/sun/security/ssl/CertificateRequest.java line 734:
> 732:
> 733: Collection<String> checkedKeyTypes = new HashSet<>();
> 734: List<String> allAuths = new ArrayList<>();
The name is not clear enough to me. I may use something like
"supportedKeyAlgs" or "availableKeyTypes".
src/java.base/share/classes/sun/security/ssl/X509Authentication.java line 274:
> 272: PublicKey clientPublicKey = clientCerts[0].getPublicKey();
> 273: if ((!clientPrivateKey.getAlgorithm().equals(keyType))
> 274: ||
> (!clientPublicKey.getAlgorithm().equals(keyType))) {
The keyType is checked here. The update may miss this.
-------------
PR: https://git.openjdk.java.net/jdk/pull/5257
