On Thu, 26 Jun 2025 13:22:28 GMT, Jaikiran Pai <j...@openjdk.org> wrote:

>> src/java.base/share/classes/sun/security/ssl/X509Authentication.java line 
>> 226:
>> 
>>> 224:                     chc.peerSupportedAuthorities == null ? null :
>>> 225:                             chc.peerSupportedAuthorities.clone(),
>>> 226:                     chc.algorithmConstraints);
>> 
>> These `algorithmConstraints` won't include `peerSupportedSignAlgs`.
>
> @dfuch this too can be marked as resolved. The updated code in this PR now 
> calls `X509KeyManagerImpl.chooseClientAlias(String[] keyTypes, Principal[] 
> issuers, QuicTLSEngineImpl quicTLSEngine)` which internally picks up the 
> `peerSupportedSignAlgs` from the handshake session.

Thanks. done.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/24751#discussion_r2169182330

Reply via email to