On Wed, 17 Jul 2024 00:48:20 GMT, Valerie Peng <valer...@openjdk.org> wrote:
> Can someone help review this fix? Changed the required-mechanism check by > checking if the particular mechanism is inside the list of enabled supported > mechanisms. This should be more reliable than calling C_GetMechanismInfo(..) > on the required mechanism given vendors may return various sorts of error > codes. > > Thanks, > Valerie > I understand that the sample config is for a test, but are there any > mechanisms we _would_ want to disable by default? It occurred to me as I was > reading through the test and noticed that SHA1 was not in the disabled list > for the test. Are you asking about general PKCS11 provider configuration setting? For PKCS11 providers, users provide their provider configuration file and they decide what to disable. As for SHA-1, it's not disabled by default for SUN provider either. ------------- PR Comment: https://git.openjdk.org/jdk/pull/20207#issuecomment-2243929578
