8232581: Improve TLS verification

Reviewed-by: xuelei, rhalade, mschoene
2025-08-28 15:24:43 +02:00 · 2019-10-30 13:15:21 -07:00 · 2019-10-30 13:15:21 -07:00 · 740e70ba17
commit 740e70ba17
parent e6304dcaad
3 changed files with 19 additions and 3 deletions
--- a/src/java.base/share/classes/sun/security/ssl/ClientKeyExchange.java
+++ b/src/java.base/share/classes/sun/security/ssl/ClientKeyExchange.java
@ -90,6 +90,16 @@ final class ClientKeyExchange {
            ServerHandshakeContext shc = (ServerHandshakeContext)context;
            // clean up this consumer
            shc.handshakeConsumers.remove(SSLHandshake.CLIENT_KEY_EXCHANGE.id);
+
+            // Check for an unprocessed client Certificate message.  If that
+            // handshake consumer is still present then that expected message
+            // was not sent.
+            if (shc.handshakeConsumers.containsKey(
+                    SSLHandshake.CERTIFICATE.id)) {
+                throw shc.conContext.fatal(Alert.UNEXPECTED_MESSAGE,
+                        "Unexpected ClientKeyExchange handshake message.");
+            }
+
            SSLKeyExchange ke = SSLKeyExchange.valueOf(
                    shc.negotiatedCipherSuite.keyExchange,
                    shc.negotiatedProtocol);