Check IsSsl after other checks (NPE)

author: Peter Dettman <peter.dettman@bouncycastle.org> 2020-02-20 00:47:52 +0700
committer: Peter Dettman <peter.dettman@bouncycastle.org> 2020-02-20 00:47:52 +0700
commit: 7709ff7f23cb807f9a21c0dc5ca2108c4d4d8e48 (patch)
tree: 6608b75fa43158e3bee2897c96ef555bd86c85ba /crypto
parent: ASN.1 updates from bc-java (diff)
download: BouncyCastle.NET-ed25519-7709ff7f23cb807f9a21c0dc5ca2108c4d4d8e48.tar.xz
1 files changed, 19 insertions, 25 deletions
diff --git a/crypto/src/crypto/tls/TlsServerProtocol.cs b/crypto/src/crypto/tls/TlsServerProtocol.cs
index 1ba90cfdc..85b450c9e 100644
--- a/crypto/src/crypto/tls/TlsServerProtocol.cs
+++ b/crypto/src/crypto/tls/TlsServerProtocol.cs
@@ -390,37 +390,31 @@ namespace Org.BouncyCastle.Crypto.Tls
 
         protected override void HandleAlertWarningMessage(byte alertDescription)
         {
-            base.HandleAlertWarningMessage(alertDescription);
-
-            switch (alertDescription)
-            {
-            case AlertDescription.no_certificate:
+            /*
+             * SSL 3.0 If the server has sent a certificate request Message, the client must send
+             * either the certificate message or a no_certificate alert.
+             */
+            if (AlertDescription.no_certificate == alertDescription && null != mCertificateRequest
+                && TlsUtilities.IsSsl(mTlsServerContext))
             {
-                /*
-                 * SSL 3.0 If the server has sent a certificate request Message, the client must send
-                 * either the certificate message or a no_certificate alert.
-                 */
-                if (TlsUtilities.IsSsl(Context) && this.mCertificateRequest != null)
+                switch (mConnectionState)
                 {
-                    switch (this.mConnectionState)
-                    {
-                    case CS_SERVER_HELLO_DONE:
-                    case CS_CLIENT_SUPPLEMENTAL_DATA:
+                case CS_SERVER_HELLO_DONE:
+                case CS_CLIENT_SUPPLEMENTAL_DATA:
+                {
+                    if (mConnectionState < CS_CLIENT_SUPPLEMENTAL_DATA)
                     {
-                        if (mConnectionState < CS_CLIENT_SUPPLEMENTAL_DATA)
-                        {
-                            mTlsServer.ProcessClientSupplementalData(null);
-                        }
-
-                        NotifyClientCertificate(Certificate.EmptyChain);
-                        this.mConnectionState = CS_CLIENT_CERTIFICATE;
-                        return;
-                    }
+                        mTlsServer.ProcessClientSupplementalData(null);
                     }
+
+                    NotifyClientCertificate(Certificate.EmptyChain);
+                    this.mConnectionState = CS_CLIENT_CERTIFICATE;
+                    return;
+                }
                 }
-                throw new TlsFatalAlert(AlertDescription.unexpected_message);
             }
-            } 
+
+            base.HandleAlertWarningMessage(alertDescription);
         }
 
         protected virtual void NotifyClientCertificate(Certificate clientCertificate)
author	Peter Dettman <peter.dettman@bouncycastle.org>	2020-02-20 00:47:52 +0700
committer	Peter Dettman <peter.dettman@bouncycastle.org>	2020-02-20 00:47:52 +0700
commit	7709ff7f23cb807f9a21c0dc5ca2108c4d4d8e48 (patch)
tree	6608b75fa43158e3bee2897c96ef555bd86c85ba /crypto
parent	ASN.1 updates from bc-java (diff)
download	BouncyCastle.NET-ed25519-7709ff7f23cb807f9a21c0dc5ca2108c4d4d8e48.tar.xz