On Mon, 28 Apr 2025 22:34:24 GMT, Artur Barashev <abaras...@openjdk.org> wrote:
>> Per TLSv1.3 RFC: >> >> >> If no "signature_algorithms_cert" extension is >> present, then the "signature_algorithms" extension also applies to >> signatures appearing in certificates. >> >> >> When no "signature_algorithms_cert" extension is present in ClientHello we >> simply copy "signature_algorithms" extension algorithms already filtered >> with HANDSHAKE_SCOPE to `peerRequestedCertSignSchemes`. Instead we should >> filter "signature_algorithms" extension algorithms with CERTIFICATE_SCOPE as >> certain algorithms are allowed to be used in certificate signatures but not >> in handshake signatures. > > Artur Barashev has updated the pull request incrementally with one additional > commit since the last revision: > > Take "signature_algorithms_cert" extension as parameter @artur-oracle Your change (at version ae1b30609fce534f7b3e272c96a8cda24853b36c) is now ready to be sponsored by a Committer. ------------- PR Comment: https://git.openjdk.org/jdk/pull/24939#issuecomment-2842637038
