
gitlab.com/quite/humla-spongycastle.git - Unnamed repository; edit this file 'description' to name the repository.
authorPeter Dettman <peter.dettman@bouncycastle.org>2013-05-20 15:02:10 +0400
committerPeter Dettman <peter.dettman@bouncycastle.org>2013-05-20 15:02:10 +0400
commit031b1ba8a5935e427d58cbc061c5eedc3e184c53 (patch)
treee9edcd9572582ba8c42e83b2e895e5a99c0b6f67
parent3a5daa570f926153f3f098594299200085950f65 (diff)
Cleanup TODOs
-rw-r--r--src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java16
-rw-r--r--src/main/java/org/bouncycastle/crypto/tls/TlsServerProtocol.java16
-rw-r--r--src/main/java/org/bouncycastle/crypto/tls/TlsUtils.java8
3 files changed, 11 insertions, 29 deletions
diff --git a/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java b/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java
index 79a182e1..7ecabba3 100644
--- a/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java
+++ b/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java
@@ -332,26 +332,14 @@ public class DTLSServerProtocol extends DTLSProtocol {
state.keyExchange.skipClientCredentials();
} else {
- state.clientCertificateType = TlsUtils.getClientCertificateType(clientCertificate,
- state.serverCredentials.getCertificate());
-
- /*
- * TODO RFC 5246 7.4.6. The end-entity certificate's public key (and associated
- * restrictions) has to be compatible with the certificate types listed in
- * CertificateRequest.
- */
-
/*
* TODO RFC 5246 7.4.6. If the certificate_authorities list in the certificate request
* message was non-empty, one of the certificates in the certificate chain SHOULD be
* issued by one of the listed CAs.
*/
- /*
- * TODO RFC 5246 7.4.6. The certificates MUST be signed using an acceptable hash/
- * signature algorithm pair, as described in Section 7.4.4. Note that this relaxes the
- * constraints on certificate-signing algorithms found in prior versions of TLS.
- */
+ state.clientCertificateType = TlsUtils.getClientCertificateType(clientCertificate,
+ state.serverCredentials.getCertificate());
state.keyExchange.processClientCertificate(clientCertificate);
}
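Review bot: The TODO for the RFC 5246 7.4.6 requirement that the end-entity certificate's public key be compatible with the certificate types listed in CertificateRequest is deleted from the `else` branch, yet no check against the requested types is visible in the new code. `TlsUtils.getClientCertificateType(clientCertificate, state.serverCredentials.getCertificate())` receives only the client and server certificates, so it presumably derives a type from the client certificate rather than comparing it with what the server asked for; its body is outside this hunk, so that needs confirming. If the comparison is not enforced elsewhere, a client certificate of an unrequested type would reach `processClientCertificate` with the gap no longer documented, so keep a marker such as `// TODO RFC 5246 7.4.6: verify clientCertificateType is one of the types sent in CertificateRequest` above the assignment. The same applies to the matching hunk in TlsServerProtocol.java. The enclosing method starts and ends outside the hunk.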
diff --git a/src/main/java/org/bouncycastle/crypto/tls/TlsServerProtocol.java b/src/main/java/org/bouncycastle/crypto/tls/TlsServerProtocol.java
index 15e7632e..874eecd0 100644
--- a/src/main/java/org/bouncycastle/crypto/tls/TlsServerProtocol.java
+++ b/src/main/java/org/bouncycastle/crypto/tls/TlsServerProtocol.java
@@ -338,26 +338,14 @@ public class TlsServerProtocol extends TlsProtocol {
this.keyExchange.skipClientCredentials();
} else {
- this.clientCertificateType = TlsUtils.getClientCertificateType(clientCertificate,
- this.serverCredentials.getCertificate());
-
- /*
- * TODO RFC 5246 7.4.6. The end-entity certificate's public key (and associated
- * restrictions) has to be compatible with the certificate types listed in
- * CertificateRequest.
- */
-
/*
* TODO RFC 5246 7.4.6. If the certificate_authorities list in the certificate request
* message was non-empty, one of the certificates in the certificate chain SHOULD be
* issued by one of the listed CAs.
*/
- /*
- * TODO RFC 5246 7.4.6. The certificates MUST be signed using an acceptable hash/
- * signature algorithm pair, as described in Section 7.4.4. Note that this relaxes the
- * constraints on certificate-signing algorithms found in prior versions of TLS.
- */
+ this.clientCertificateType = TlsUtils.getClientCertificateType(clientCertificate,
+ this.serverCredentials.getCertificate());
this.keyExchange.processClientCertificate(clientCertificate);
}
diff --git a/src/main/java/org/bouncycastle/crypto/tls/TlsUtils.java b/src/main/java/org/bouncycastle/crypto/tls/TlsUtils.java
index 8f428240..e5219768 100644
--- a/src/main/java/org/bouncycastle/crypto/tls/TlsUtils.java
+++ b/src/main/java/org/bouncycastle/crypto/tls/TlsUtils.java
@@ -815,7 +815,13 @@ public class TlsUtils
}
/*
- * RFC 7.4.6. Client Certificate
+ * TODO RFC 5246 7.4.6. The certificates MUST be signed using an acceptable hash/
+ * signature algorithm pair, as described in Section 7.4.4. Note that this relaxes the
+ * constraints on certificate-signing algorithms found in prior versions of TLS.
+ */
+
+ /*
+ * RFC 5246 7.4.6. Client Certificate
*/
/*