On Fri, 21 Feb 2025 22:34:25 GMT, Weijun Wang <wei...@openjdk.org> wrote:
>> `permits()` are used in situations for >> jdk[tls|certpath|jar].disabledAlgorithms, and the SSLAlgorithmConstraints. >> It's not called for APIs like KPG, Signature, etc. > > That's what I meant. Suppose in TLS when you verify a signature and you call > `permits` on both the signature algorithm name and the key used to init the > signature, it's OK if only one fails. Yes, it should check both the signature algorithm and key algorithm in one permits call for signatures. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/23647#discussion_r1972412345
