Tighten up no_certificate alert handling
1 files changed, 21 insertions, 10 deletions
diff --git a/crypto/src/crypto/tls/TlsServerProtocol.cs b/crypto/src/crypto/tls/TlsServerProtocol.cs
index 5f3ce18e2..298c9f42d 100644
--- a/crypto/src/crypto/tls/TlsServerProtocol.cs
+++ b/crypto/src/crypto/tls/TlsServerProtocol.cs
@@ -388,26 +388,37 @@ namespace Org.BouncyCastle.Crypto.Tls
protected override void HandleWarningMessage(byte description)
{
+ base.HandleWarningMessage(description);
+
switch (description)
{
case AlertDescription.no_certificate:
{
/*
- * SSL 3.0 If the server has sent a certificate request Message, the client must Send
+ * SSL 3.0 If the server has sent a certificate request Message, the client must send
* either the certificate message or a no_certificate alert.
*/
- if (TlsUtilities.IsSsl(Context) && mCertificateRequest != null)
+ if (TlsUtilities.IsSsl(Context) && this.mCertificateRequest != null)
{
- NotifyClientCertificate(Certificate.EmptyChain);
+ switch (this.mConnectionState)
+ {
+ case CS_SERVER_HELLO_DONE:
+ case CS_CLIENT_SUPPLEMENTAL_DATA:
+ {
+ if (mConnectionState < CS_CLIENT_SUPPLEMENTAL_DATA)
+ {
+ mTlsServer.ProcessClientSupplementalData(null);
+ }
+
+ NotifyClientCertificate(Certificate.EmptyChain);
+ this.mConnectionState = CS_CLIENT_CERTIFICATE;
+ return;
+ }
+ }
}
- break;
- }
- default:
- {
- base.HandleWarningMessage(description);
- break;
- }
+ throw new TlsFatalAlert(AlertDescription.unexpected_message);
}
+ }
}
protected virtual void NotifyClientCertificate(Certificate clientCertificate)
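Review bot: The rejection path for no_certificate is implicit: the inner `switch (this.mConnectionState)` has no default, so the `throw new TlsFatalAlert(AlertDescription.unexpected_message)` at the end of the case is reached for three different reasons (not SSL 3.0, no CertificateRequest outstanding, wrong handshake state). A one-line comment above the throw, such as `// no_certificate is only valid under SSL 3.0, after a CertificateRequest, before the client Certificate is due`, would make that intent explicit. Inside the shared case body, `if (mConnectionState < CS_CLIENT_SUPPLEMENTAL_DATA)` depends on the numeric ordering of the state constants; assuming they are ordered as their names suggest, `if (this.mConnectionState == CS_SERVER_HELLO_DONE)` says the same thing for the two labels involved and matches the `this.` qualification on the surrounding lines. `base.HandleWarningMessage(description)` now also runs ahead of a no_certificate alert that is about to be rejected; the base implementation is not visible in this hunk, so it is worth confirming it has no effect that should be skipped in that case. Whether an empty chain is acceptable when client authentication is mandatory is decided in `NotifyClientCertificate`, whose body is outside the hunk.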