# HG changeset patch
# User xuelei
# Date 1527101741 25200
# Node ID 58ad02eb44c33fd67cbff5c4e7f61f4702123a20
# Parent  137a16d6d98772026889549c885f68140ddcbfa5
mismatching sign_alg and sign_alg_cert

diff -r 137a16d6d987 -r 58ad02eb44c3 src/java.base/share/classes/sun/security/ssl/CertSignAlgsExtension.java
--- a/src/java.base/share/classes/sun/security/ssl/CertSignAlgsExtension.java	Wed May 23 09:33:37 2018 -0700
+++ b/src/java.base/share/classes/sun/security/ssl/CertSignAlgsExtension.java	Wed May 23 11:55:41 2018 -0700
@@ -196,6 +196,7 @@
                             shc.algorithmConstraints, shc.negotiatedProtocol,
                             spec.signatureSchemes);
             shc.peerRequestedCertSignSchemes = shemes;
+            shc.handshakeSession.setPeerSupportedSignatureAlgorithms(shemes);
 
             if (!shc.isResumption && shc.negotiatedProtocol.useTLS13PlusSpec()) {
                 if (shc.sslConfig.clientAuthType !=
@@ -341,6 +342,7 @@
                             chc.algorithmConstraints, chc.negotiatedProtocol,
                             spec.signatureSchemes);
             chc.peerRequestedCertSignSchemes = shemes;
+            chc.handshakeSession.setPeerSupportedSignatureAlgorithms(shemes);
         }
     }
 }
diff -r 137a16d6d987 -r 58ad02eb44c3 src/java.base/share/classes/sun/security/ssl/CertificateRequest.java
--- a/src/java.base/share/classes/sun/security/ssl/CertificateRequest.java	Wed May 23 09:33:37 2018 -0700
+++ b/src/java.base/share/classes/sun/security/ssl/CertificateRequest.java	Wed May 23 11:55:41 2018 -0700
@@ -673,6 +673,7 @@
                 }
             }
             chc.peerRequestedSignatureSchemes = sss;
+            chc.peerRequestedCertSignSchemes = sss;     // use the same schemes
             chc.handshakeSession.setPeerSupportedSignatureAlgorithms(sss);
 
             X509ExtendedKeyManager km = chc.sslContext.getX509KeyManager();
diff -r 137a16d6d987 -r 58ad02eb44c3 src/java.base/share/classes/sun/security/ssl/SSLSessionImpl.java
--- a/src/java.base/share/classes/sun/security/ssl/SSLSessionImpl.java	Wed May 23 09:33:37 2018 -0700
+++ b/src/java.base/share/classes/sun/security/ssl/SSLSessionImpl.java	Wed May 23 11:55:41 2018 -0700
@@ -103,7 +103,7 @@
     private X509Certificate[]   localCerts;
     private PrivateKey          localPrivateKey;
     private final String[]      localSupportedSignAlgs;
-    private String[]            peerSupportedSignAlgs;
+    private String[]            peerSupportedSignAlgs;      // for certificate
     private boolean             useDefaultPeerSignAlgs = false;
     private List<byte[]>        statusResponses;
     private SecretKey           resumptionMasterSecret;
diff -r 137a16d6d987 -r 58ad02eb44c3 src/java.base/share/classes/sun/security/ssl/SignatureAlgorithmsExtension.java
--- a/src/java.base/share/classes/sun/security/ssl/SignatureAlgorithmsExtension.java	Wed May 23 09:33:37 2018 -0700
+++ b/src/java.base/share/classes/sun/security/ssl/SignatureAlgorithmsExtension.java	Wed May 23 11:55:41 2018 -0700
@@ -276,11 +276,11 @@
             }
 
             // update the context
-            List<SignatureScheme> shemes =
+            List<SignatureScheme> sss =
                     SignatureScheme.getSupportedAlgorithms(
                             shc.algorithmConstraints, shc.negotiatedProtocol,
                             spec.signatureSchemes);
-            shc.peerRequestedSignatureSchemes = shemes;
+            shc.peerRequestedSignatureSchemes = sss;
 
             // If no "signature_algorithms_cert" extension is present, then
             // the "signature_algorithms" extension also applies to
@@ -289,12 +289,12 @@
                     (SignatureSchemesSpec)shc.handshakeExtensions.get(
                             SSLExtension.CH_SIGNATURE_ALGORITHMS_CERT);
             if (certSpec == null) {
-                shc.peerRequestedCertSignSchemes = shemes;
+                shc.peerRequestedCertSignSchemes = sss;
+                shc.handshakeSession.setPeerSupportedSignatureAlgorithms(sss);
             }
 
-            shc.handshakeSession.setPeerSupportedSignatureAlgorithms(shemes);
-
-            if (!shc.isResumption && shc.negotiatedProtocol.useTLS13PlusSpec()) {
+            if (!shc.isResumption &&
+                    shc.negotiatedProtocol.useTLS13PlusSpec()) {
                 if (shc.sslConfig.clientAuthType !=
                         ClientAuthType.CLIENT_AUTH_NONE) {
                     shc.handshakeProducers.putIfAbsent(
@@ -514,11 +514,11 @@
             }
 
             // update the context
-            List<SignatureScheme> shemes =
+            List<SignatureScheme> sss =
                     SignatureScheme.getSupportedAlgorithms(
                             chc.algorithmConstraints, chc.negotiatedProtocol,
                             spec.signatureSchemes);
-            chc.peerRequestedSignatureSchemes = shemes;
+            chc.peerRequestedSignatureSchemes = sss;
 
             // If no "signature_algorithms_cert" extension is present, then
             // the "signature_algorithms" extension also applies to
@@ -527,10 +527,9 @@
                     (SignatureSchemesSpec)chc.handshakeExtensions.get(
                             SSLExtension.CH_SIGNATURE_ALGORITHMS_CERT);
             if (certSpec == null) {
-                chc.peerRequestedCertSignSchemes = shemes;
+                chc.peerRequestedCertSignSchemes = sss;
+                chc.handshakeSession.setPeerSupportedSignatureAlgorithms(sss);
             }
-
-            chc.handshakeSession.setPeerSupportedSignatureAlgorithms(shemes);
         }
     }