On Wed, 23 Feb 2022 16:08:49 GMT, Xue-Lei Andrew Fan <[email protected]> wrote:
> In the TlsChannelBinding.java implementation, the string operation is placed
> before the case conversion. The behavior may be not expected.
>
>
> String hashAlg = serverCertificate.getSigAlgName().
> - replace("SHA", "SHA-").toUpperCase(Locale.ENGLISH);
> + toUpperCase(Locale.ENGLISH).replace("SHA", "SHA-");
>
>
> See also [Bernd Eckenfels](mailto:[email protected]) comment in [PR
> 7583](https://github.com/openjdk/jdk/pull/7583)
Checking other java.security.*/sun.security.* components outside JSSE would be
a good idea, but this particular change looks good to me also.
-------------
Marked as reviewed by wetmore (Reviewer).
PR: https://git.openjdk.java.net/jdk/pull/7592
