Bug #220

TLS by Tobias violates RFC 2246

Added by Simon Potzernheim over 7 years ago. Updated over 7 years ago.

Status: Closed
Priority: Normal
Assignee:
Target version:
Start date: 04/18/2013
Due date:
% Done: 0%
Estimated time: 0.00 h
Reviewer:
Build Version:

Description

The TlsAuthentication throws an Exception when the Server provides a certificate request message.

RFC 2246 says:
"The server will then wait for a client response. If the server has sent a certificate
request message, the client must send the certificate message."

"The same message type and structure will be used for the client's
response to a certificate request message. Note that a client may
send no certificates if it does not have an appropriate certificate
to send in response to the server's authentication request."

Associated revisions

Revision d529e519 (diff)
Added by Tobias Wich over 7 years ago

Return empty certificate chain on client cert requests in TlsNoAuthentication (fixes #220)

History

#1

Updated by Dirk Petrautzki over 7 years ago

I think, to be RFC compliant, the TlsNoAuthentication should not throw an UnsupportedOperationException in its getClientCredentials method but return TlsCredentials that itself returns org.openecard.bouncycastle.crypto.tls.Certificate.EMPTY_CHAIN.

#2

Updated by Tobias Wich over 7 years ago

  • Status changed from New to Closed
  • Reviewer changed from Simon Potzernheim to Tobias Wich
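
What an empty certificate chain looks like on the wire, as an added example that is not part of the original issue or the project's code: a client without a certificate still answers a certificate request with a Certificate handshake message (type 11 in RFC 2246) whose `certificate_list` has length zero. The function names and the sample certificate bytes are constructed for illustration.

```python
HS_CERTIFICATE = 11  # HandshakeType.certificate in RFC 2246


def _u24(n):
    """Encode an integer as a 3-byte big-endian length (uint24)."""
    return n.to_bytes(3, "big")


def build_certificate_message(chain):
    """Encode a Certificate handshake message from a list of DER byte strings."""
    body = b"".join(_u24(len(c)) + c for c in chain)
    cert_list = _u24(len(body)) + body
    return bytes([HS_CERTIFICATE]) + _u24(len(cert_list)) + cert_list


def parse_certificate_message(msg):
    """Return the certificates in the message; [] means the peer sent none.

    Raises ValueError when the message type or any length field is inconsistent.
    """
    if len(msg) < 7 or msg[0] != HS_CERTIFICATE:
        raise ValueError("not a Certificate handshake message")
    hs_len = int.from_bytes(msg[1:4], "big")
    if hs_len != len(msg) - 4:
        raise ValueError("handshake length mismatch")
    list_len = int.from_bytes(msg[4:7], "big")
    if list_len != hs_len - 3:
        raise ValueError("certificate_list length mismatch")
    certs, pos, end = [], 7, 7 + list_len
    while pos < end:
        if pos + 3 > end:
            raise ValueError("truncated certificate length")
        n = int.from_bytes(msg[pos:pos + 3], "big")
        pos += 3
        if n == 0 or pos + n > end:
            raise ValueError("bad certificate entry")
        certs.append(msg[pos:pos + n])
        pos += n
    return certs


if __name__ == "__main__":
    empty = build_certificate_message([])
    print(empty.hex())                       # the empty-chain response
    print(parse_certificate_message(empty))  # no certificates, but a valid message
    fake_der = bytes.fromhex("3003020101")   # constructed placeholder, not a real certificate
    print(parse_certificate_message(build_certificate_message([fake_der])))
```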
