# HG changeset patch # User jnimeh # Date 1539714281 25200 # Node ID af6fb2cb82ae7a69ddd131917afb2cabb0ed8731 # Parent f586d225bd0b12208e265cefdb60aa0f0098dd60 8211866: TLS 1.3 CertificateRequest message sometimes offers disallowed signature algorithms Reviewed-by: xuelei diff -r f586d225bd0b -r af6fb2cb82ae src/java.base/share/classes/sun/security/ssl/CertSignAlgsExtension.java --- a/src/java.base/share/classes/sun/security/ssl/CertSignAlgsExtension.java Tue Oct 16 17:43:30 2018 +0200 +++ b/src/java.base/share/classes/sun/security/ssl/CertSignAlgsExtension.java Tue Oct 16 11:24:41 2018 -0700 @@ -243,18 +243,16 @@ } // Produce the extension. - if (shc.localSupportedSignAlgs == null) { - shc.localSupportedSignAlgs = + List sigAlgs = SignatureScheme.getSupportedAlgorithms( - shc.algorithmConstraints, shc.activeProtocols); - } + shc.algorithmConstraints, + List.of(shc.negotiatedProtocol)); - int vectorLen = SignatureScheme.sizeInRecord() * - shc.localSupportedSignAlgs.size(); + int vectorLen = SignatureScheme.sizeInRecord() * sigAlgs.size(); byte[] extData = new byte[vectorLen + 2]; ByteBuffer m = ByteBuffer.wrap(extData); Record.putInt16(m, vectorLen); - for (SignatureScheme ss : shc.localSupportedSignAlgs) { + for (SignatureScheme ss : sigAlgs) { Record.putInt16(m, ss.id); } diff -r f586d225bd0b -r af6fb2cb82ae src/java.base/share/classes/sun/security/ssl/SignatureAlgorithmsExtension.java --- a/src/java.base/share/classes/sun/security/ssl/SignatureAlgorithmsExtension.java Tue Oct 16 17:43:30 2018 +0200 +++ b/src/java.base/share/classes/sun/security/ssl/SignatureAlgorithmsExtension.java Tue Oct 16 11:24:41 2018 -0700 
@@ -410,18 +410,16 @@ } // Produce the extension. - if (shc.localSupportedSignAlgs == null) { - shc.localSupportedSignAlgs = + List sigAlgs = SignatureScheme.getSupportedAlgorithms( - shc.algorithmConstraints, shc.activeProtocols); - } + shc.algorithmConstraints, + List.of(shc.negotiatedProtocol)); - int vectorLen = SignatureScheme.sizeInRecord() * - shc.localSupportedSignAlgs.size(); + int vectorLen = SignatureScheme.sizeInRecord() * sigAlgs.size(); byte[] extData = new byte[vectorLen + 2]; ByteBuffer m = ByteBuffer.wrap(extData); Record.putInt16(m, vectorLen); - for (SignatureScheme ss : shc.localSupportedSignAlgs) { + for (SignatureScheme ss : sigAlgs) { Record.putInt16(m, ss.id); }
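Review bot: In the CertSignAlgsExtension.java hunk (@@ -243), the new local `sigAlgs` replaces the assignment to `shc.localSupportedSignAlgs`, so that field is no longer populated on this path. If a later handshake step reads `shc.localSupportedSignAlgs` to check the peer's chosen scheme against what was offered, it will now see null or a list computed elsewhere from `shc.activeProtocols`, which can differ from what this message actually advertised. Please confirm how the remaining readers of that field behave, or store the negotiated-version list back into the context. Separately, `List.of(shc.negotiatedProtocol)` throws NullPointerException on a null element, so a one-line comment stating that the version is always negotiated before this producer runs would help the next reader.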
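Review bot: In the SignatureAlgorithmsExtension.java hunk (@@ -410), nothing handles an empty `sigAlgs` before `vectorLen` is computed. Filtering on the single negotiated version instead of `shc.activeProtocols` can only shrink the result, so under restrictive algorithm constraints the list may be empty, and the code would then write a length of 0 and emit an extension with no schemes, which RFC 8446 does not permit for this vector. Suggest checking `sigAlgs.isEmpty()` before building `extData` and failing the handshake there with a clear message. The same applies to the identical block in CertSignAlgsExtension.java; moving the shared lines into one helper would keep the two producers from drifting apart. No test accompanies the change in the visible diff; one that negotiates TLS 1.3 with a TLS 1.2-only scheme enabled and inspects the CertificateRequest would pin the behaviour.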