stan/jdk-24
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

4919790: Errors in alert ssl message does not reflect the actual certificate status

Browse Source 
Reviewed-by: mullan
This commit is contained in:
Xue-Lei Andrew Fan 2019-02-14 14:19:29 -08:00
parent a75f826ea8
commit 2ca0a6689e
2 changed files with 10 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/java.base/share/classes/sun/security/ssl/Alert.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -48,7 +48,7 @@ enum Alert {
HANDSHAKE_FAILURE ((byte)40, "handshake_failure", true),
NO_CERTIFICATE ((byte)41, "no_certificate", true),
BAD_CERTIFICATE ((byte)42, "bad_certificate", true),
UNSUPPORTED_CERTIFCATE ((byte)43, "unsupported_certificate", true),
UNSUPPORTED_CERTIFICATE ((byte)43, "unsupported_certificate", true),
CERTIFICATE_REVOKED ((byte)44, "certificate_revoked", true),
CERTIFICATE_EXPIRED ((byte)45, "certificate_expired", true),
CERTIFICATE_UNKNOWN ((byte)46, "certificate_unknown", true),

9
src/java.base/share/classes/sun/security/ssl/CertificateMessage.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2015, 2018, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2015, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -717,6 +717,13 @@ final class CertificateMessage {
alert = chc.staplingActive ?
Alert.BAD_CERT_STATUS_RESPONSE :
Alert.CERTIFICATE_UNKNOWN;
} else if (reason == BasicReason.ALGORITHM_CONSTRAINED) {
alert = Alert.UNSUPPORTED_CERTIFICATE;
} else if (reason == BasicReason.EXPIRED) {
alert = Alert.CERTIFICATE_EXPIRED;
} else if (reason == BasicReason.INVALID_SIGNATURE ||
reason == BasicReason.NOT_YET_VALID) {
alert = Alert.BAD_CERTIFICATE;
}
}