8232581: Improve TLS verification

Reviewed-by: xuelei, rhalade, mschoene
Jamil Nimeh 2019-10-30 13:15:21 -07:00
parent e6304dcaad
commit 740e70ba17
3 changed files with 19 additions and 3 deletions


@ -265,7 +265,7 @@ enum Alert {
// It's OK to get a no_certificate alert from a client of
// which we requested client authentication. However,
// if we required it, then this is not acceptable.
if (tc.sslConfig.isClientMode ||
if (tc.sslConfig.isClientMode ||
alert != Alert.NO_CERTIFICATE ||
(tc.sslConfig.clientAuthType !=
ClientAuthType.CLIENT_AUTH_REQUESTED)) {
@ -273,8 +273,10 @@ enum Alert {
"received handshake warning: " + alert.description);
} else {
// Otherwise ignore the warning but remove the
// CertificateVerify handshake consumer so the state
// machine doesn't expect it.
// Certificate and CertificateVerify handshake
// consumer so the state machine doesn't expect it.
tc.handshakeContext.handshakeConsumers.remove(
SSLHandshake.CERTIFICATE.id);
tc.handshakeContext.handshakeConsumers.remove(
SSLHandshake.CERTIFICATE_VERIFY.id);
}
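Review bot: The rewritten comment in the else branch says what is removed but not why the two removals must stay paired, and that is the security-relevant invariant here. If the Certificate consumer stayed registered while CertificateVerify was dropped, a client that sent no_certificate could presumably still present a certificate without ever proving possession of its private key. I would state that directly, for example `// Remove both consumers together: a Certificate accepted without a following CertificateVerify would authenticate the peer with no proof of key possession.`, and fix "consumer" to "consumers". The visible lines also do not gate this branch on the negotiated protocol version or on where the handshake currently stands. The enclosing method starts outside the hunk, so it is worth confirming that such a guard exists there. A regression test covering no_certificate followed by a Certificate message would pin the behaviour, if the other changed files do not already add one.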