< prev index next >
src/java.base/share/classes/sun/security/ssl/CertificateVerify.java
Print this page
rev 54061 : 8226374: Restrict TLS signature schemes and named groups
Reviewed-by: mullan
*** 586,595 ****
--- 586,596 ----
// This happens in client side only.
ClientHandshakeContext chc = (ClientHandshakeContext)context;
Map.Entry<SignatureScheme, Signature> schemeAndSigner =
SignatureScheme.getSignerOfPreferableAlgorithm(
+ chc.algorithmConstraints,
chc.peerRequestedSignatureSchemes,
x509Possession,
chc.negotiatedProtocol);
if (schemeAndSigner == null) {
// Unlikely, the credentials generator should have
*** 895,904 ****
--- 896,906 ----
X509Possession x509Possession) throws IOException {
super(context);
Map.Entry<SignatureScheme, Signature> schemeAndSigner =
SignatureScheme.getSignerOfPreferableAlgorithm(
+ context.algorithmConstraints,
context.peerRequestedSignatureSchemes,
x509Possession,
context.negotiatedProtocol);
if (schemeAndSigner == null) {
// Unlikely, the credentials generator should have
< prev index next >