authorPeter Dettman <peter.dettman@bouncycastle.org>2017-06-01 17:03:32 +0700
committerPeter Dettman <peter.dettman@bouncycastle.org>2017-06-01 17:03:32 +0700
commit3329b24132fc59aca54c6ed8407b4a75bc5a7fce (patch)
tree4c240012681a709f0d92144defa45ebf1159b5ca /crypto
parentRFC 7250 Add methods to work with required extension types (diff)
downloadBouncyCastle.NET-ed25519-3329b24132fc59aca54c6ed8407b4a75bc5a7fce.tar.xz
Tighten up no_certificate alert handling
Diffstat (limited to 'crypto')
-rw-r--r--crypto/src/crypto/tls/TlsServerProtocol.cs31
1 files changed, 21 insertions, 10 deletions
diff --git a/crypto/src/crypto/tls/TlsServerProtocol.cs b/crypto/src/crypto/tls/TlsServerProtocol.cs
index 5f3ce18e2..298c9f42d 100644
--- a/crypto/src/crypto/tls/TlsServerProtocol.cs
+++ b/crypto/src/crypto/tls/TlsServerProtocol.cs
@@ -388,26 +388,37 @@ namespace Org.BouncyCastle.Crypto.Tls
 
         protected override void HandleWarningMessage(byte description)
         {
+            base.HandleWarningMessage(description);
+
             switch (description)
             {
             case AlertDescription.no_certificate:
             {
                 /*
-                 * SSL 3.0 If the server has sent a certificate request Message, the client must Send
+                 * SSL 3.0 If the server has sent a certificate request Message, the client must send
                  * either the certificate message or a no_certificate alert.
                  */
-                if (TlsUtilities.IsSsl(Context) && mCertificateRequest != null)
+                if (TlsUtilities.IsSsl(Context) && this.mCertificateRequest != null)
                 {
-                    NotifyClientCertificate(Certificate.EmptyChain);
+                    switch (this.mConnectionState)
+                    {
+                    case CS_SERVER_HELLO_DONE:
+                    case CS_CLIENT_SUPPLEMENTAL_DATA:
+                    {
+                        if (mConnectionState < CS_CLIENT_SUPPLEMENTAL_DATA)
+                        {
+                            mTlsServer.ProcessClientSupplementalData(null);
+                        }
+
+                        NotifyClientCertificate(Certificate.EmptyChain);
+                        this.mConnectionState = CS_CLIENT_CERTIFICATE;
+                        return;
+                    }
+                    }
                 }
-                break;
-            }
-            default:
-            {
-                base.HandleWarningMessage(description);
-                break;
-            }
+                throw new TlsFatalAlert(AlertDescription.unexpected_message);
             }
+            } 
         }
 
         protected virtual void NotifyClientCertificate(Certificate clientCertificate)
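Review bot: The final `throw new TlsFatalAlert(AlertDescription.unexpected_message);` in the `no_certificate` case is reached for three different reasons (the context is not SSL 3.0, no CertificateRequest was sent, or `mConnectionState` is not one of the two accepted states), yet the only comment in the case still describes just the accepted path. A comment directly above the throw would make the rejection rule explicit, for example `// no_certificate is only acceptable under SSL 3.0, after a CertificateRequest, in CS_SERVER_HELLO_DONE or CS_CLIENT_SUPPLEMENTAL_DATA; anything else is a protocol violation.` The inner `switch` has no `default` and relies on falling out to that throw, which is easy to break when another state is added. Separately, `base.HandleWarningMessage(description)` now also runs for `no_certificate` before the state check; the base implementation is not visible here, so it is worth confirming it has no effect that should be skipped for an alert that is about to be rejected. The diffstat shows no test change under `crypto`, so a regression test that sends `no_certificate` in a later state and expects `unexpected_message` would pin this behaviour.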