author | Peter Dettman <peter.dettman@bouncycastle.org> | 2014-04-15 15:05:28 +0400 |
---|---|---|
committer | Peter Dettman <peter.dettman@bouncycastle.org> | 2014-04-15 15:05:28 +0400 |
commit | 3efee8b0f1e67c727b0c204c45ef399a5c9c4652 (patch) | |
tree | c58655f68db40242d8b8d1e4a65882bcbad69c7c /core/src/main/java/org/bouncycastle/crypto/tls/TlsServerProtocol.java | |
parent | 56e63e21b83fe0c854db7c6c6ff8e90c68a4accb (diff) |
Explicitly fail on CertificateVerify in TLS 1.2 server
Add test coverage for known issue
Diffstat (limited to 'core/src/main/java/org/bouncycastle/crypto/tls/TlsServerProtocol.java')
-rw-r--r-- | core/src/main/java/org/bouncycastle/crypto/tls/TlsServerProtocol.java | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/core/src/main/java/org/bouncycastle/crypto/tls/TlsServerProtocol.java b/core/src/main/java/org/bouncycastle/crypto/tls/TlsServerProtocol.java
index f33ed554..257ea122 100644
--- a/core/src/main/java/org/bouncycastle/crypto/tls/TlsServerProtocol.java
+++ b/core/src/main/java/org/bouncycastle/crypto/tls/TlsServerProtocol.java
@@ -430,6 +430,11 @@ public class TlsServerProtocol
 assertEmpty(buf);
+ if (TlsUtils.isTLSv12(getContext()))
+ {
+ throw new TlsFatalAlert(AlertDescription.decrypt_error);
+ }
+
 // Verify the CertificateVerify message contains a correct signature.
 boolean verified = false;
 try |
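Review bot: The new `throw` inside the `isTLSv12` branch has no comment saying why a TLS 1.2 CertificateVerify is rejected outright, and `decrypt_error` reports a failed signature check to the peer and to anyone reading alert logs even though no signature was examined on this path. Failing closed is the right behaviour while the verification is a known gap, so I would keep the throw but state the reason above it, e.g. `// TLS 1.2 CertificateVerify verification is not implemented yet; fail closed rather than accept an unverified client`. Consider `AlertDescription.internal_error` so the alert is distinguishable from a genuinely bad signature during triage. The enclosing method starts and ends outside the hunk, so I cannot see whether the server still sends a CertificateRequest under TLS 1.2; if it does, client-authenticated handshakes will always abort at this late point, and it may be worth not requesting the certificate at all.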