Check IsSsl after other checks (NPE)
1 files changed, 19 insertions, 25 deletions
diff --git a/crypto/src/crypto/tls/TlsServerProtocol.cs b/crypto/src/crypto/tls/TlsServerProtocol.cs
index 1ba90cfdc..85b450c9e 100644
--- a/crypto/src/crypto/tls/TlsServerProtocol.cs
+++ b/crypto/src/crypto/tls/TlsServerProtocol.cs
@@ -390,37 +390,31 @@ namespace Org.BouncyCastle.Crypto.Tls
protected override void HandleAlertWarningMessage(byte alertDescription)
{
- base.HandleAlertWarningMessage(alertDescription);
-
- switch (alertDescription)
- {
- case AlertDescription.no_certificate:
+ /*
+ * SSL 3.0 If the server has sent a certificate request Message, the client must send
+ * either the certificate message or a no_certificate alert.
+ */
+ if (AlertDescription.no_certificate == alertDescription && null != mCertificateRequest
+ && TlsUtilities.IsSsl(mTlsServerContext))
{
- /*
- * SSL 3.0 If the server has sent a certificate request Message, the client must send
- * either the certificate message or a no_certificate alert.
- */
- if (TlsUtilities.IsSsl(Context) && this.mCertificateRequest != null)
+ switch (mConnectionState)
{
- switch (this.mConnectionState)
- {
- case CS_SERVER_HELLO_DONE:
- case CS_CLIENT_SUPPLEMENTAL_DATA:
+ case CS_SERVER_HELLO_DONE:
+ case CS_CLIENT_SUPPLEMENTAL_DATA:
+ {
+ if (mConnectionState < CS_CLIENT_SUPPLEMENTAL_DATA)
{
- if (mConnectionState < CS_CLIENT_SUPPLEMENTAL_DATA)
- {
- mTlsServer.ProcessClientSupplementalData(null);
- }
-
- NotifyClientCertificate(Certificate.EmptyChain);
- this.mConnectionState = CS_CLIENT_CERTIFICATE;
- return;
- }
+ mTlsServer.ProcessClientSupplementalData(null);
}
+
+ NotifyClientCertificate(Certificate.EmptyChain);
+ this.mConnectionState = CS_CLIENT_CERTIFICATE;
+ return;
+ }
}
- throw new TlsFatalAlert(AlertDescription.unexpected_message);
}
- }
+
+ base.HandleAlertWarningMessage(alertDescription);
}
protected virtual void NotifyClientCertificate(Certificate clientCertificate)
|
