On Thu, 26 Jun 2025 13:22:28 GMT, Jaikiran Pai <j...@openjdk.org> wrote:
>> src/java.base/share/classes/sun/security/ssl/X509Authentication.java line >> 226: >> >>> 224: chc.peerSupportedAuthorities == null ? null : >>> 225: chc.peerSupportedAuthorities.clone(), >>> 226: chc.algorithmConstraints); >> >> These `algorithmConstraints` won't include `peerSupportedSignAlgs`. > > @dfuch this too can be marked as resolved. The updated code in this PR now > calls `X509KeyManagerImpl.chooseClientAlias(String[] keyTypes, Principal[] > issuers, QuicTLSEngineImpl quicTLSEngine)` which internally picks up the > `peerSupportedSignAlgs` from the handshake session. Thanks. done. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/24751#discussion_r2169182330