diff options
Diffstat (limited to 'src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java')
| -rw-r--r-- | src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java | 16 |
1 files changed, 2 insertions, 14 deletions
diff --git a/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java b/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java index 79a182e1..7ecabba3 100644 --- a/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java +++ b/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java @@ -332,26 +332,14 @@ public class DTLSServerProtocol extends DTLSProtocol { state.keyExchange.skipClientCredentials();
} else {
- state.clientCertificateType = TlsUtils.getClientCertificateType(clientCertificate,
- state.serverCredentials.getCertificate());
-
- /*
- * TODO RFC 5246 7.4.6. The end-entity certificate's public key (and associated
- * restrictions) has to be compatible with the certificate types listed in
- * CertificateRequest.
- */
-
/*
* TODO RFC 5246 7.4.6. If the certificate_authorities list in the certificate request
* message was non-empty, one of the certificates in the certificate chain SHOULD be
* issued by one of the listed CAs.
*/
- /*
- * TODO RFC 5246 7.4.6. The certificates MUST be signed using an acceptable hash/
- * signature algorithm pair, as described in Section 7.4.4. Note that this relaxes the
- * constraints on certificate-signing algorithms found in prior versions of TLS.
- */
+ state.clientCertificateType = TlsUtils.getClientCertificateType(clientCertificate,
+ state.serverCredentials.getCertificate());
state.keyExchange.processClientCertificate(clientCertificate);
}
|