Fixed a compile error and a bug that was preventing testing.
--- a/src/java.base/share/classes/sun/security/ssl/SupportedGroupsExtension.java Thu Aug 16 14:01:03 2018 -0400
+++ b/src/java.base/share/classes/sun/security/ssl/SupportedGroupsExtension.java Fri Aug 17 10:35:01 2018 -0400
@@ -835,21 +835,6 @@
}
}
- static DHParameterSpec getDHParameterSpec(NamedGroup namedGroup) {
- if (namedGroup.type != NamedGroupType.NAMED_GROUP_FFDHE) {
- throw new RuntimeException(
- "Not a named DH group: " + namedGroup);
- }
-
- AlgorithmParameters params = namedGroupParams.get(namedGroup);
- try {
- return params.getParameterSpec(DHParameterSpec.class);
- } catch (InvalidParameterSpecException ipse) {
- // should be unlikely
- return getPredefinedDHParameterSpec(namedGroup);
- }
- }
-
// Is there any supported group permitted by the constraints?
static boolean isActivatable(
AlgorithmConstraints constraints, NamedGroupType type) {
--- a/src/java.base/share/classes/sun/security/ssl/X509Authentication.java Thu Aug 16 14:01:03 2018 -0400
+++ b/src/java.base/share/classes/sun/security/ssl/X509Authentication.java Fri Aug 17 10:35:01 2018 -0400
@@ -285,15 +285,12 @@
}
// For ECC certs, check whether we support the EC domain
- // parameters. If the client sent a SupportedEllipticCurves
- // ClientHello extension, check against that too.
+ // parameters.
ECParameterSpec params =
((ECPublicKey)serverPublicKey).getParams();
NamedGroup namedGroup = NamedGroup.valueOf(params);
if ((namedGroup == null) ||
- (!SupportedGroups.isSupported(namedGroup)) ||
- ((shc.clientRequestedNamedGroups != null) &&
- !shc.clientRequestedNamedGroups.contains(namedGroup))) {
+ (!SupportedGroups.isSupported(namedGroup))) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
SSLLogger.warning(