--- a/src/java.base/share/classes/sun/security/ssl/CertSignAlgsExtension.java Wed May 23 09:33:37 2018 -0700
+++ b/src/java.base/share/classes/sun/security/ssl/CertSignAlgsExtension.java Wed May 23 11:55:41 2018 -0700
@@ -196,6 +196,7 @@
shc.algorithmConstraints, shc.negotiatedProtocol,
spec.signatureSchemes);
shc.peerRequestedCertSignSchemes = shemes;
+ shc.handshakeSession.setPeerSupportedSignatureAlgorithms(shemes);
if (!shc.isResumption && shc.negotiatedProtocol.useTLS13PlusSpec()) {
if (shc.sslConfig.clientAuthType !=
@@ -341,6 +342,7 @@
chc.algorithmConstraints, chc.negotiatedProtocol,
spec.signatureSchemes);
chc.peerRequestedCertSignSchemes = shemes;
+ chc.handshakeSession.setPeerSupportedSignatureAlgorithms(shemes);
}
}
}
--- a/src/java.base/share/classes/sun/security/ssl/CertificateRequest.java Wed May 23 09:33:37 2018 -0700
+++ b/src/java.base/share/classes/sun/security/ssl/CertificateRequest.java Wed May 23 11:55:41 2018 -0700
@@ -673,6 +673,7 @@
}
}
chc.peerRequestedSignatureSchemes = sss;
+ chc.peerRequestedCertSignSchemes = sss; // use the same schemes
chc.handshakeSession.setPeerSupportedSignatureAlgorithms(sss);
X509ExtendedKeyManager km = chc.sslContext.getX509KeyManager();
--- a/src/java.base/share/classes/sun/security/ssl/SSLSessionImpl.java Wed May 23 09:33:37 2018 -0700
+++ b/src/java.base/share/classes/sun/security/ssl/SSLSessionImpl.java Wed May 23 11:55:41 2018 -0700
@@ -103,7 +103,7 @@
private X509Certificate[] localCerts;
private PrivateKey localPrivateKey;
private final String[] localSupportedSignAlgs;
- private String[] peerSupportedSignAlgs;
+ private String[] peerSupportedSignAlgs; // for certificate
private boolean useDefaultPeerSignAlgs = false;
private List<byte[]> statusResponses;
private SecretKey resumptionMasterSecret;
--- a/src/java.base/share/classes/sun/security/ssl/SignatureAlgorithmsExtension.java Wed May 23 09:33:37 2018 -0700
+++ b/src/java.base/share/classes/sun/security/ssl/SignatureAlgorithmsExtension.java Wed May 23 11:55:41 2018 -0700
@@ -276,11 +276,11 @@
}
// update the context
- List<SignatureScheme> shemes =
+ List<SignatureScheme> sss =
SignatureScheme.getSupportedAlgorithms(
shc.algorithmConstraints, shc.negotiatedProtocol,
spec.signatureSchemes);
- shc.peerRequestedSignatureSchemes = shemes;
+ shc.peerRequestedSignatureSchemes = sss;
// If no "signature_algorithms_cert" extension is present, then
// the "signature_algorithms" extension also applies to
@@ -289,12 +289,12 @@
(SignatureSchemesSpec)shc.handshakeExtensions.get(
SSLExtension.CH_SIGNATURE_ALGORITHMS_CERT);
if (certSpec == null) {
- shc.peerRequestedCertSignSchemes = shemes;
+ shc.peerRequestedCertSignSchemes = sss;
+ shc.handshakeSession.setPeerSupportedSignatureAlgorithms(sss);
}
- shc.handshakeSession.setPeerSupportedSignatureAlgorithms(shemes);
-
- if (!shc.isResumption && shc.negotiatedProtocol.useTLS13PlusSpec()) {
+ if (!shc.isResumption &&
+ shc.negotiatedProtocol.useTLS13PlusSpec()) {
if (shc.sslConfig.clientAuthType !=
ClientAuthType.CLIENT_AUTH_NONE) {
shc.handshakeProducers.putIfAbsent(
@@ -514,11 +514,11 @@
}
// update the context
- List<SignatureScheme> shemes =
+ List<SignatureScheme> sss =
SignatureScheme.getSupportedAlgorithms(
chc.algorithmConstraints, chc.negotiatedProtocol,
spec.signatureSchemes);
- chc.peerRequestedSignatureSchemes = shemes;
+ chc.peerRequestedSignatureSchemes = sss;
// If no "signature_algorithms_cert" extension is present, then
// the "signature_algorithms" extension also applies to
@@ -527,10 +527,9 @@
(SignatureSchemesSpec)chc.handshakeExtensions.get(
SSLExtension.CH_SIGNATURE_ALGORITHMS_CERT);
if (certSpec == null) {
- chc.peerRequestedCertSignSchemes = shemes;
+ chc.peerRequestedCertSignSchemes = sss;
+ chc.handshakeSession.setPeerSupportedSignatureAlgorithms(sss);
}
-
- chc.handshakeSession.setPeerSupportedSignatureAlgorithms(shemes);
}
}