OpenJDK / jdk / jdk

changeset 53759:e16b61a1395e

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
4919790: Errors in alert ssl message does not reflect the actual certificate status Reviewed-by: mullan
author xuelei
date Thu, 14 Feb 2019 14:19:29 -0800
parents 026e1ea616c8
children 4958b60a70bc
files src/java.base/share/classes/sun/security/ssl/Alert.java src/java.base/share/classes/sun/security/ssl/CertificateMessage.java
diffstat 2 files changed, 10 insertions(+), 3 deletions(-) [+]
line wrap: on
line diff
--- a/src/java.base/share/classes/sun/security/ssl/Alert.java	Tue Feb 05 08:20:09 2019 -0800
+++ b/src/java.base/share/classes/sun/security/ssl/Alert.java	Thu Feb 14 14:19:29 2019 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -48,7 +48,7 @@
     HANDSHAKE_FAILURE       ((byte)40,  "handshake_failure", true),
     NO_CERTIFICATE          ((byte)41,  "no_certificate", true),
     BAD_CERTIFICATE         ((byte)42,  "bad_certificate", true),
-    UNSUPPORTED_CERTIFCATE  ((byte)43,  "unsupported_certificate", true),
+    UNSUPPORTED_CERTIFICATE ((byte)43,  "unsupported_certificate", true),
     CERTIFICATE_REVOKED     ((byte)44,  "certificate_revoked", true),
     CERTIFICATE_EXPIRED     ((byte)45,  "certificate_expired", true),
     CERTIFICATE_UNKNOWN     ((byte)46,  "certificate_unknown", true),
--- a/src/java.base/share/classes/sun/security/ssl/CertificateMessage.java	Tue Feb 05 08:20:09 2019 -0800
+++ b/src/java.base/share/classes/sun/security/ssl/CertificateMessage.java	Thu Feb 14 14:19:29 2019 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2015, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -717,6 +717,13 @@
                     alert = chc.staplingActive ?
                             Alert.BAD_CERT_STATUS_RESPONSE :
                             Alert.CERTIFICATE_UNKNOWN;
+                } else if (reason == BasicReason.ALGORITHM_CONSTRAINED) {
+                    alert = Alert.UNSUPPORTED_CERTIFICATE;
+                } else if (reason == BasicReason.EXPIRED) {
+                    alert = Alert.CERTIFICATE_EXPIRED;
+                } else if (reason == BasicReason.INVALID_SIGNATURE ||
+                        reason == BasicReason.NOT_YET_VALID) {
+                    alert = Alert.BAD_CERTIFICATE;
                 }
             }
© 2007, Oracle and/or its affiliates
Terms of Use · Privacy · Trademarks