Hi!

I'm currently implementing a TLS client for some custom certificate validation 
but don't understand how certificate validation errors are supposed to propagate.

I've created a class, BcTlsClient, that inherits from DefaultTlsClient. In the 
GetAuthentication method I supply another class, BcTlsAuthentication, that 
implements the TlsAuthentication interface.

I get the server certificate in the NotifyServerCertificate method and I'm able 
to verify the certificate. For an untrusted CA it seems I should throw new 
TlsFatalAlert(AlertDescription.bad_certificate), but that is being caught in 
TlsProtocolHandler->SafeReadData and propagated as IOException with message 
"Internal TLS error, this could be an attack", which might not be the most 
informative message when the certificate isn't trusted. :)

How am I supposed to handle those problems, not trusted, expired and so on?

Best regards,

John
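Added example (not code from the poster or from the Bouncy Castle project) showing one way to keep the specific validation failure available once the library has wrapped the alert in its generic IOException: the TlsAuthentication implementation records the reason before throwing TlsFatalAlert, and the caller reads it back after Connect fails. It is written against the Org.BouncyCastle.Crypto.Tls API the post names (DefaultTlsClient, TlsAuthentication, TlsProtocolHandler, TlsFatalAlert). The ValidationFailure property, the trustedRoots array, the root-certificate file path and the host name are assumptions; the certificate-list accessor name differs by release (GetCerts in the 1.7 line the post appears to use, GetCertificateList in later ones).

```csharp
using System;
using System.IO;
using System.Net.Sockets;
using Org.BouncyCastle.Crypto.Tls;
using Org.BouncyCastle.X509;

// Verifies the server chain against application-supplied roots and records
// why validation failed before raising the fatal alert (assumed design).
public class BcTlsAuthentication : TlsAuthentication
{
    private readonly X509Certificate[] trustedRoots; // assumed: supplied by the application

    // Null until NotifyServerCertificate rejects the chain.
    public string ValidationFailure { get; private set; }

    public BcTlsAuthentication(X509Certificate[] trustedRoots)
    {
        this.trustedRoots = trustedRoots;
    }

    public void NotifyServerCertificate(Certificate serverCertificate)
    {
        // Accessor name depends on the BC release (GetCerts in 1.7, GetCertificateList in 1.8).
        var structures = serverCertificate.GetCerts();
        if (structures == null || structures.Length == 0)
        {
            ValidationFailure = "server sent no certificate";
            throw new TlsFatalAlert(AlertDescription.bad_certificate);
        }

        var leaf = new X509Certificate(structures[0]);

        if (!leaf.IsValidNow)
        {
            ValidationFailure = "certificate outside its validity period: " + leaf.SubjectDN;
            throw new TlsFatalAlert(AlertDescription.certificate_expired);
        }

        // Minimal trust check: the leaf must be issued and signed by one of our roots.
        // A full validator would walk the whole chain and consult revocation data.
        foreach (var root in trustedRoots)
        {
            if (!leaf.IssuerDN.Equivalent(root.SubjectDN)) continue;
            try
            {
                leaf.Verify(root.GetPublicKey());
                return; // signature checks out against a trusted root
            }
            catch (Exception)
            {
                // Signature did not verify against this root; try the next one.
            }
        }

        ValidationFailure = "issuer is not a trusted CA: " + leaf.IssuerDN;
        throw new TlsFatalAlert(AlertDescription.unknown_ca);
    }

    public TlsCredentials GetClientCredentials(CertificateRequest certificateRequest)
    {
        return null; // no client authentication in this example
    }
}

public class BcTlsClient : DefaultTlsClient
{
    private readonly BcTlsAuthentication authentication;

    public BcTlsClient(BcTlsAuthentication authentication)
    {
        this.authentication = authentication;
    }

    public override TlsAuthentication GetAuthentication()
    {
        return authentication;
    }
}

public static class Program
{
    public static void Main()
    {
        X509Certificate root;
        using (var fs = File.OpenRead("trusted-root.pem")) // assumed path to the application's root CA
            root = new X509CertificateParser().ReadCertificate(fs);

        var auth = new BcTlsAuthentication(new[] { root });

        using (var tcp = new TcpClient("server.example", 443)) // placeholder host
        {
            var handler = new TlsProtocolHandler(tcp.GetStream());
            try
            {
                handler.Connect(new BcTlsClient(auth));
                Console.WriteLine("handshake completed, server certificate trusted");
            }
            catch (IOException e)
            {
                // The library surfaces our alert as a generic IOException; the
                // recorded reason tells the operator what actually went wrong.
                if (auth.ValidationFailure != null)
                    Console.WriteLine("certificate rejected: " + auth.ValidationFailure);
                else
                    Console.WriteLine("TLS failure: " + e.Message);
            }
        }
    }
}
```

The alert still goes to the peer exactly as the post describes (bad_certificate, certificate_expired or unknown_ca), so the wire behaviour is unchanged; only the local diagnostic improves. Keeping the reason in a field rather than in a custom exception type avoids depending on how the handler re-wraps exceptions internally.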
