On Tue, 22 Apr 2025 16:15:29 GMT, Artur Barashev <abaras...@openjdk.org> wrote:
>> Daniel Fuchs has updated the pull request with a new target base due to a >> merge or a rebase. The pull request now contains 506 commits: >> >> - merge latest changes from master branch >> - http3: update H3InsertionsLimitTest to start after receival of client >> settings >> - merge latest changes from master branch >> - quic: separate out the idle termination timer and the STREAM_DATA_BLOCKED >> timer >> - quic: simplify idle timeout management >> - http3: rely on the sole isOpen() method instead of isOpen() and isClosed() >> - quic: do not let h3 idle (in pool) timeout to influence the quic >> transport idle timeout >> - merge latest changes from master branch >> - http3: improve H3ConnectionPoolTest.java >> - Fix snippet >> - ... and 496 more: https://git.openjdk.org/jdk/compare/8d33ea73...d4984d5e > > src/java.base/share/classes/sun/security/ssl/X509Authentication.java line 226: > >> 224: chc.peerSupportedAuthorities == null ? null : >> 225: chc.peerSupportedAuthorities.clone(), >> 226: chc.algorithmConstraints); > > These `algorithmConstraints` won't include `peerSupportedSignAlgs`. @dfuch this too can be marked as resolved. The updated code in this PR now calls `X509KeyManagerImpl.chooseClientAlias(String[] keyTypes, Principal[] issuers, QuicTLSEngineImpl quicTLSEngine)` which internally picks up the `peerSupportedSignAlgs` from the handshake session. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/24751#discussion_r2169064530