On Tue, 9 Apr 2024 18:34:52 GMT, Mark Powers <mpow...@openjdk.org> wrote:
>> Valerie Peng has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> Update to match CSR for disableLegacy -> allowLegacy name change
>
> src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java line
> 1344:
>
>> 1342: continue;
>> 1343: }
>> 1344: }
>
> I'm curious why this check was moved down in the file. The only advantage I
> see is that you have access to `d.type`.

Yes, this is the purpose, e.g. perform the check based on the type of registered service. The earlier check does not take into account the registered service and disables a mechanism completely even when it can still be used for some. For example, a mechanism that supports decryption, signing, and verification will be disabled completely with the earlier check, but will still be enabled for Signature with this proposed change.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/18387#discussion_r1558368927
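The difference described in the reply above, as an added sketch that is not part of the original message and is not code from SunPKCS11.java. The `CKF_*` values are the capability flags defined by PKCS#11; the class, the method names, and the rule for what counts as partial (legacy) support are assumptions inferred from the example in the reply.

```java
import java.util.List;

// Added illustration; hypothetical names, not the JDK implementation.
public class LegacyCheckDemo {
    // Capability bits of CK_MECHANISM_INFO.flags as defined by PKCS#11.
    static final long CKF_ENCRYPT = 0x100L, CKF_DECRYPT = 0x200L,
                      CKF_SIGN = 0x800L, CKF_VERIFY = 0x2000L;

    static boolean has(long flags, long bit) { return (flags & bit) != 0; }

    // Assumed rule: a mechanism is "partial" for a service when it offers
    // only the second half of that service's operation pair.
    static boolean cipherPartial(long f) {
        return has(f, CKF_DECRYPT) && !has(f, CKF_ENCRYPT);
    }
    static boolean signaturePartial(long f) {
        return has(f, CKF_VERIFY) && !has(f, CKF_SIGN);
    }

    // Earlier placement: one decision per mechanism, made before the
    // registered service types are known, so any partial support disables all.
    static boolean enabledGlobally(long f, boolean allowLegacy) {
        return allowLegacy || !(cipherPartial(f) || signaturePartial(f));
    }

    // Moved placement: the service type (d.type in the review) is available,
    // so only the services that are actually partial are skipped.
    static boolean enabledFor(String type, long f, boolean allowLegacy) {
        if (allowLegacy) return true;
        switch (type) {
            case "Cipher":    return !cipherPartial(f);
            case "Signature": return !signaturePartial(f);
            default:          return true; // other types are not modelled here
        }
    }

    public static void main(String[] args) {
        // Constructed sample: the mechanism from the reply's example.
        long flags = CKF_DECRYPT | CKF_SIGN | CKF_VERIFY;
        System.out.println("mechanism-wide check enabled: "
                + enabledGlobally(flags, false));
        for (String type : List.of("Cipher", "Signature")) {
            System.out.println(type + " enabled: "
                    + enabledFor(type, flags, false));
        }
    }
}
```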