Update for the following comment:
http://hg.openjdk.java.net/jdk/sandbox/rev/fe938437f7ba
This update will be included in the next webrev for further review.
Xuelei
On 5/31/2018 10:04 PM, Xuelei Fan wrote:
CertificateVerify.java
----------------------
-129 if (x509Credentials == null) {
+129 if (x509Credentials == null ||
x509Credentials.popPublicKey == null) {
130 shc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
131 "No X509 credentials negotiated for CertificateVerify");
132 }
May be safe to check the x509Credentials.popPublicKey as well. Similar
to line 357-360, 607-610, 916-919.
-233 if (x509Possession == null) {
+233 if (x509Possession == null ||
x509Possession.popPrivateKey == null) {
234 if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
235 SSLLogger.fine(
236 "No X.509 credentials negotiated for CertificateVerify");
237 }
238
239 return null;
240 }
May be safe to check the x509Possession.popPrivateKey as well. Similar
to line 458-466, 697-704, 1021-1027.
Otherwise, looks fine to me.