> To avoid any user confusion, we should block signature scheme names to be > used with `CertificateSignature` algorithm constraints usage. For example, > `RSASSA-PSS` certificate signature algorithm corresponds to multiple > signature scheme names and blocking one of those signature scheme with > `CertificateSignature` usage directive won't block `RSASSA-PSS` certificate > signature because other rsa_pss_* signature schemes still will be allowed. We > should direct users to use certificate signature algorithm with > `CertificateSignature` usage directive. For example: > > - To be blocked: "rsa_pss_pss_sha256 usage CertificateSignature" > - To be allowed: `RSASSA-PSS usage CertificateSignature` or `RSA usage > CertificateSignature`
Artur Barashev has updated the pull request incrementally with one additional commit since the last revision: Fix string concatenation alignment. Use upper-case characters in the test signature scheme name. ------------- Changes: - all: https://git.openjdk.org/jdk/pull/26970/files - new: https://git.openjdk.org/jdk/pull/26970/files/2e23755a..704a70f6 Webrevs: - full: https://webrevs.openjdk.org/?repo=jdk&pr=26970&range=01 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=26970&range=00-01 Stats: 7 lines in 2 files changed: 0 ins; 0 del; 7 mod Patch: https://git.openjdk.org/jdk/pull/26970.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/26970/head:pull/26970 PR: https://git.openjdk.org/jdk/pull/26970
