Code Review Request: TLS 1.3 Implementation
Xuelei Fan
xuelei.fan at oracle.com
Sat Jun 2 14:36:34 UTC 2018
Update for the following comment:
http://hg.openjdk.java.net/jdk/sandbox/rev/fe938437f7ba
This update will be included in the next webrev for further review.
Xuelei
On 5/31/2018 10:04 PM, Xuelei Fan wrote:
> CertificateVerify.java
> ----------------------
> -129 if (x509Credentials == null) {
> +129 if (x509Credentials == null ||
> x509Credentials.popPublicKey == null) {
> 130 shc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
> 131 "No X509 credentials negotiated for CertificateVerify");
> 132 }
>
> May be safe to check the x509Credentials.popPublicKey as well. Similar
> to line 357-360, 607-610, 916-919.
>
>
> -233 if (x509Possession == null) {
> +233 if (x509Possession == null ||
> x509Possession.popPrivateKey == null) {
> 234 if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
> 235 SSLLogger.fine(
> 236 "No X.509 credentials negotiated for CertificateVerify");
> 237 }
> 238
> 239 return null;
> 240 }
>
> May be safe to check the x509Possession.popPrivateKey as well. Similar
> to line 458-466, 697-704, 1021-1027.
>
> Otherwise, looks fine to me.
More information about the security-dev
mailing list