Integrated: JDK-8311644 Server should not send bad_certificate alert when the client does not send any certificates
Anthony Scarpino
ascarpino at openjdk.org
Mon Feb 26 16:51:50 UTC 2024
On Tue, 6 Feb 2024 01:23:00 GMT, Anthony Scarpino <ascarpino at openjdk.org> wrote:
> Hi,
>
> I need a code review of what is really a text change. This changes the alert type returned during some TLS CertificateMessage failures to what is recommended in [RFC 8446](https://tools.ietf.org/html/rfc8446). An additional change was to add the alert description to the thrown exception. This makes it easier for the user to know the alert type and makes testing easier. Two of the three changes are tested as the final one is too hard to test. A few tests needed change as they did string comparing on exception messages.
>
> Tony
This pull request has now been integrated.
Changeset: f62b5789
Author: Anthony Scarpino <ascarpino at openjdk.org>
URL: https://git.openjdk.org/jdk/commit/f62b5789add23adda2634a1cfb80f48b4387be74
Stats: 270 lines in 8 files changed: 191 ins; 24 del; 55 mod
8311644: Server should not send bad_certificate alert when the client does not send any certificates
Reviewed-by: djelinski, jjiang, ssahoo
-------------
PR: https://git.openjdk.org/jdk/pull/17717
More information about the security-dev
mailing list