From 2ea5b59d3f39e6570f9a50aadf750edeaeed1693 Mon Sep 17 00:00:00 2001 From: Nidhi Jaju Date: Tue, 25 Apr 2023 23:56:18 +0000 Subject: [PATCH] address comments --- index.bs | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/index.bs b/index.bs index dffbdc56..7460abb3 100644 --- a/index.bs +++ b/index.bs @@ -792,7 +792,7 @@ sequence<{{WebTransportHash}}> |serverCertificateHashes|, run these steps. |networkPartitionKey|, |url|, false, |newConnection|, and |http3Only|. If the user agent supports more than one congestion control algorithm, choose one appropriate for |congestionControl| for sending of data on this |connection|. When obtaining a connection, if - |serverCertificateHashes| is specified instead of the default certificate version algorithm, + |serverCertificateHashes| is specified instead of the default certificate verification algorithm, validate the certificate against [=custom certificate requirements=], and then [=verify a certificate hash|verify the certificate hash=] against |serverCertificateHashes|. The certificate is considered valid if and only if both of those checks pass. @@ -1192,11 +1192,10 @@ To verify a certificate hash, given a |certificate| and an array of h perform the following steps: 1. Let |referenceHash| be the result of [=computing a certificate hash=] with |certificate|. 1. For every hash |hash| in |hashes|: - 1. If |hash|.{{WebTransportHash/value}} is not null: + 1. If |hash|.{{WebTransportHash/value}} is not null and |hash|.{{WebTransportHash/algorithm}} + is an [=ASCII case-insensitive=] match with "sha-256": 1. Let |hashValue| be the byte sequence which |hash|.{{WebTransportHash/value}} represents. - 1. If |hash|.{{WebTransportHash/algorithm}} is an [=ASCII case-insensitive=] match with - "sha-256", and |hashValue| is equal to |referenceHash|, the |certificate| is valid. - Return true. + 1. If |hashValue| is equal to |referenceHash|, return true. 1. Return false.