### Eclipse Workspace Patch 1.0
#P classpath
Index: gnu/javax/net/ssl/provider/ClientHandshake.java
===================================================================
RCS file: /cvsroot/classpath/classpath/gnu/javax/net/ssl/provider/ClientHandshake.java,v
retrieving revision 1.2
diff -u -r1.2 ClientHandshake.java
--- gnu/javax/net/ssl/provider/ClientHandshake.java	10 Dec 2006 20:25:42 -0000	1.2
+++ gnu/javax/net/ssl/provider/ClientHandshake.java	23 Mar 2007 04:29:44 -0000
@@ -1082,7 +1082,13 @@
       Cipher rsa = Cipher.getInstance("RSA");
       java.security.cert.Certificate cert
         = engine.session().getPeerCertificates()[0];
-      rsa.init(Cipher.ENCRYPT_MODE, cert);
+      if (cert instanceof X509Certificate)
+        {
+          boolean[] keyUsage = ((X509Certificate) cert).getKeyUsage();
+          if (keyUsage != null && !keyUsage[2])
+            throw new InvalidKeyException("certificate's keyUsage does not permit keyEncipherment");
+        }
+      rsa.init(Cipher.ENCRYPT_MODE, cert.getPublicKey());
       encryptedPreMasterSecret = rsa.doFinal(preMasterSecret);
       
       // Generate our session keys, because we can.