On Mon, 28 Apr 2025 22:34:24 GMT, Artur Barashev <abaras...@openjdk.org> wrote:

>> Per TLSv1.3 RFC:
>> 
>> 
>>    If no "signature_algorithms_cert" extension is
>>    present, then the "signature_algorithms" extension also applies to
>>    signatures appearing in certificates.
>> 
>> 
>> When no "signature_algorithms_cert" extension is present in ClientHello we 
>> simply copy "signature_algorithms" extension algorithms already filtered 
>> with HANDSHAKE_SCOPE to `peerRequestedCertSignSchemes`. Instead we should 
>> filter "signature_algorithms" extension algorithms with CERTIFICATE_SCOPE as 
>> certain algorithms are allowed to be used in certificate signatures but not 
>> in handshake signatures.
>
> Artur Barashev has updated the pull request incrementally with one additional 
> commit since the last revision:
> 
>   Take "signature_algorithms_cert" extension as parameter

@artur-oracle 
Your change (at version ae1b30609fce534f7b3e272c96a8cda24853b36c) is now ready 
to be sponsored by a Committer.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/24939#issuecomment-2842637038

Reply via email to