[JDK-8349583](https://bugs.openjdk.org/browse/JDK-8349583) implementation assumes that OpenJDK client always sends "signature_algorithms_cert" extension together with "signature_algorithms" extension. But we didn't account for `jdk.tls.client.disableExtensions` and `jdk.tls.server.disableExtensions` system properties which can disable producing "signature_algorithms_cert" extension. This is an issue similar to [JDK-8355779](https://bugs.openjdk.org/browse/JDK-8355779) but on the extension producing side.
Per TLSv1.3 RFC: > If no "signature_algorithms_cert" extension is > present, then the "signature_algorithms" extension also applies to > signatures appearing in certificates. Also making a few cosmetic changes to the existing code. ------------- Commit messages: - 8365820: Apply certificate scope constraints to algorithms in "signature_algorithms" extension when "signature_algorithms_cert" extension is not being sent Changes: https://git.openjdk.org/jdk/pull/26887/files Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=26887&range=00 Issue: https://bugs.openjdk.org/browse/JDK-8365820 Stats: 264 lines in 6 files changed: 229 ins; 25 del; 10 mod Patch: https://git.openjdk.org/jdk/pull/26887.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/26887/head:pull/26887 PR: https://git.openjdk.org/jdk/pull/26887
