JDK-8263188: JSSE should fail fast if there isn't supported signature algorithm

[johnshajiang]

If signature_algorithms extension is present, but the algorithms are unreconginzed or unsupported, JSSE peers should send fatal alert immediately.
For example, in this case, it's unnecssary to try to produce ServerHello, Certificate and ServerKeyExchange messages.

---

Progress

• Change must not contain extraneous whitespace
• Commit message must refer to an issue
• Change must be properly reviewed

Issue

• JDK-8263188: JSSE should fail fast if there isn't supported signature algorithm

Reviewers

• Xue-Lei Andrew Fan (@XueleiFan - Reviewer)

Download

To checkout this PR locally:
$ git fetch https://git.openjdk.java.net/jdk pull/2876/head:pull/2876
$ git checkout pull/2876

To update a local copy of the PR:
$ git checkout pull/2876
$ git pull https://git.openjdk.java.net/jdk pull/2876/head

[bridgekeeper]

👋 Welcome back jjiang! A progress list of the required criteria for merging this PR into master will be added to the body of your pull request. There are additional pull request commands available for use with this pull request.

[openjdk]

@johnshajiang The following label will be automatically applied to this pull request:

• security

When this pull request is ready to be reviewed, an "RFR" email will be sent to the corresponding mailing list. If you would like to change these labels, use the /label pull request command.

[mlbridge]

Webrevs

• 01: Full - Incremental (a0552d4)
• 00: Full (bed8a7b)

[johnshajiang]

Could this change be reviewed? Thanks!

[XueleiFan]

Looks good to me. Thanks!

[openjdk]

@johnshajiang This change now passes all automated pre-integration checks.

ℹ️ This project also has non-automated pre-integration requirements. Please see the file CONTRIBUTING.md for details.

After integration, the commit message for the final commit will be:

8263188: JSSE should fail fast if there isn't supported signature algorithm

Reviewed-by: xuelei

You can use pull request commands such as /summary, /contributor and /issue to adjust it as needed.

At the time when this comment was updated there had been 322 new commits pushed to the master branch:

• 6678b01: 8264328: Broken license in javax/swing/JComboBox/8072767/bug8072767.java
• 2fa6a3c: 8264006: Fix AOT library loading on CPUs with 256-byte dcache line
• c986457: 8264329: Z cannot be 1 for Diffie-Hellman key agreement
• a209ed0: 8263670: pmap and pstack in jhsdb do not work on debug server
• 38e0a58: 8264273: macOS: zero VM is broken due to no member named 'is_cpu_emulated' after JDK-8261966
• c9d2d02: 8263632: Improve exception handling of APIs in classLoader.cpp
• 59ed1fa: 8264087: Use the blessed modifier order in jdk.jconsole
• 054e0a4: 8264017: Correctly report inlined frame in JFR sampling
• d6bb153: 8264240: [macos_aarch64] enable appcds support after JDK-8263002
• 7284f01: 8262110: DST starts from incorrect time in 2038
• ... and 312 more: https://git.openjdk.java.net/jdk/compare/679faa691adba139c698ec2e34f71f452b6400ad...master

As there are no conflicts, your changes will automatically be rebased on top of these commits when integrating. If you prefer to avoid this automatic rebasing, please check the documentation for the /integrate command for further details.

➡️ To integrate this PR with the above commit message to the master branch, type /integrate in a new comment.

[johnshajiang]

@XueleiFan Thanks for your review!
@jnimeh Thanks for your suggestion for writing the tests!

/integrate

[openjdk]

@johnshajiang Since your change was applied there have been 322 commits pushed to the master branch:

• 6678b01: 8264328: Broken license in javax/swing/JComboBox/8072767/bug8072767.java
• 2fa6a3c: 8264006: Fix AOT library loading on CPUs with 256-byte dcache line
• c986457: 8264329: Z cannot be 1 for Diffie-Hellman key agreement
• a209ed0: 8263670: pmap and pstack in jhsdb do not work on debug server
• 38e0a58: 8264273: macOS: zero VM is broken due to no member named 'is_cpu_emulated' after JDK-8261966
• c9d2d02: 8263632: Improve exception handling of APIs in classLoader.cpp
• 59ed1fa: 8264087: Use the blessed modifier order in jdk.jconsole
• 054e0a4: 8264017: Correctly report inlined frame in JFR sampling
• d6bb153: 8264240: [macos_aarch64] enable appcds support after JDK-8263002
• 7284f01: 8262110: DST starts from incorrect time in 2038
• ... and 312 more: https://git.openjdk.java.net/jdk/compare/679faa691adba139c698ec2e34f71f452b6400ad...master

Your commit was automatically rebased without conflicts.

Pushed as commit 99b4bab.

💡 You may see a message that your pull request was closed with unmerged commits. This can be safely ignored.