Hi Gerald,
The problem was with CertificateRequest message – it was made with
incorrect length of certificate_authorities vector. Please, try
attached patch. Before applying the patch please revert all previously
patched files to their initial state:
%Harmony_WS_Root%> svn revert
modules/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse
Thank you for your assistance,
Alexander Kleymenov
On 10/24/06, Gerald Jerome <[EMAIL PROTECTED]> wrote:
Hello Alexander,
Unfortunately, I'm still getting the decode_error after making the changes
referenced in patch3.txt. I've attached a .tar file to this reply so you
can verify I made the appropriate changes (.zip files will not go through
our email server). Below is the debug output I receive:
socket[main] SSLSocketImpl: CLIENT
socket[main] SSLSocketImpl.startHandshake
socket[main] SSLSocketImpl: HS status: NEED_WRAP NEED_WRAP
record[main] SSLRecordProtocol.wrap: TLSPlaintext.fragment[67]:
01 00 00 3F 03 01 16 16 16 16 C9 61 E8 E5 AF C5
5C 6E 8A C9 68 77 9D 47 46 66 CA 8C D2 4B FD 75
F3 96 78 AA FE 3E 00 00 18 00 04 00 05 00 0A 00
16 00 13 00 09 00 15 00 12 00 03 00 08 00 14 00
11 01 00
socket[main] SSLSocketImpl: HS status: NEED_UNWRAP NEED_UNWRAP
record[main] SSLRecordProtocol.unwrap: BEGIN [
record[main] Got the message of type: 22
record[main] TLSCiphertext.fragment[74]: ...
02 00 00 46 03 01 45 3D 15 1B CF 40 57 BF 9C 29
6A 8C 19 DA A2 12 2B 26 B1 91 27 EB 82 85 FE FE
CF E1 DD 04 27 F7 20 ED 32 80 1B BA 25 B3 64 24
0E 7C C0 9E 34 AC 0D 8F 41 78 0D 04 FE 96 D6 1D
2F 03 67 C6 44 B5 AF 00 04 00
record[main] SSLRecordProtocol:unwrap ] END, type: 22
socket[main] SSLSocketImpl: HS status: NEED_UNWRAP NEED_UNWRAP
record[main] SSLRecordProtocol.unwrap: BEGIN [
record[main] Got the message of type: 22
record[main] TLSCiphertext.fragment[2235]: ...
0B 00 08 B7 00 08 B4 00 05 7B 30 82 05 77 30 82
05 21 A0 03 02 01 02 02 0A 27 34 7A FD 00 01 00
00 09 FA 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05
05 00 30 81 99 31 20 30 1E 06 09 2A 86 48 86 F7
0D 01 09 01 16 11 63 65 72 74 2D 72 65 71 40 77
63 6F 6D 2E 63 6F 6D 31 0B 30 09 06 03 55 04 06
13 02 55 53 31 0B 30 09 06 03 55 04 08 13 02 43
4F 31 19 30 17 06 03 55 04 07 13 10 43 6F 6C 6F
72 61 64 6F 20 53 70 72 69 6E 67 73 31 0C 30 0A
06 03 55 04 0A 13 03 4D 43 49 31 0C 30 0A 06 03
55 04 0B 13 03 4E 41 53 31 24 30 22 06 03 55 04
03 13 1B 4D 43 49 20 54 65 73 74 20 61 6E 64 20
44 65 76 65 6C 6F 70 6D 65 6E 74 20 43 41 30 1E
17 0D 30 36 30 34 32 31 31 36 33 35 32 32 5A 17
0D 31 31 30 34 32 31 31 36 34 35 32 32 5A 30 81
84 31 23 30 21 06 09 2A 86 48 86 F7 0D 01 09 01
16 14 6D 61 63 69 65 6A 2E 6E 6F 77 61 6B 40 6D
63 69 2E 63 6F 6D 31 0B 30 09 06 03 55 04 06 13
02 55 53 31 0B 30 09 06 03 55 04 08 13 02 4E 59
31 12 30 10 06 03 55 04 07 13 09 52 79 65 20 42
72 6F 6F 6B 31 0C 30 0A 06 03 55 04 0A 13 03 4D
43 49 31 0B 30 09 06 03 55 04 0B 13 02 49 54 31
14 30 12 06 03 55 04 03 13 0B 53 61 66 65 20 53
65 72 76 65 72 30 82 01 22 30 0D 06 09 2A 86 48
86 F7 0D 01 01 01 05 00 03 82 01 0F 00 30 82 01
0A 02 82 01 01 00 D0 99 17 A4 C3 84 6D 81 B3 6C
9B A3 82 F4 26 6D 84 6E 1C 4E ED 5D BD A8 D2 42
23 5F C6 54 38 13 09 DF 85 4D BF C3 58 7F 50 B3
80 D2 D5 03 6E 3E 68 9F DC 48 A6 09 D1 12 83 F5
CF FE 7D 0F 11 9D CF 1A 87 99 A5 64 1B AB 24 F1
98 1A 81 84 49 38 1A 0F D6 C8 20 5D 24 5F 02 6F
49 72 B5 FA 8C 56 46 0B 25 F9 10 DB 0C 20 77 60
38 1D 18 2E 4C 50 BD 7C A8 64 F5 6E 39 5E 44 62
7B D5 A7 93 04 3C 71 3C F7 9D B7 B9 42 86 1E 4D
10 51 C3 26 95 15 2C A1 9D 3D A3 D8 38 31 32 70
5E F9 B1 8B 30 6A 0E AB 10 7E EA 7C E7 FA 7A 46
45 81 51 14 28 95 30 51 70 B9 7E C6 87 18 5F D4
B3 B4 25 1C 73 64 9C 60 AC AB DF F3 6E 54 11 47
8C 96 6E 88 19 8C 25 B5 74 66 DB 4C FD F0 33 13
C4 DF 6B 4F 30 1F 94 E6 45 81 12 CD 33 64 69 A1
7A 20 73 E9 0B 88 FA 1D EF 35 FF 73 6E CC 25 CF
B1 C0 D2 24 80 97 02 03 01 00 01 A3 82 02 94 30
82 02 90 30 1A 06 03 55 1D 11 04 13 30 11 82 09
6F 6D 7A 73 72 76 30 39 30 87 04 A6 25 D6 1E 30
1D 06 03 55 1D 0E 04 16 04 14 73 F7 B1 30 41 13
95 DD F2 46 F3 AC B5 C6 45 8C 01 AE 30 F7 30 81
D5 06 03 55 1D 23 04 81 CD 30 81 CA 80 14 5E 23
81 53 9C 80 7B B7 E8 26 A3 72 5C 34 98 FC C0 CB
24 A3 A1 81 9F A4 81 9C 30 81 99 31 20 30 1E 06
09 2A 86 48 86 F7 0D 01 09 01 16 11 63 65 72 74
2D 72 65 71 40 77 63 6F 6D 2E 63 6F 6D 31 0B 30
09 06 03 55 04 06 13 02 55 53 31 0B 30 09 06 03
55 04 08 13 02 43 4F 31 19 30 17 06 03 55 04 07
13 10 43 6F 6C 6F 72 61 64 6F 20 53 70 72 69 6E
67 73 31 0C 30 0A 06 03 55 04 0A 13 03 4D 43 49
31 0C 30 0A 06 03 55 04 0B 13 03 4E 41 53 31 24
30 22 06 03 55 04 03 13 1B 4D 43 49 20 54 65 73
74 20 61 6E 64 20 44 65 76 65 6C 6F 70 6D 65 6E
74 20 43 41 82 10 2F 06 C1 83 30 75 AF A6 43 FB
5C 2A A4 FF D5 97 30 81 A5 06 03 55 1D 1F 04 81
9D 30 81 9A 30 4A A0 48 A0 46 86 44 68 74 74 70
3A 2F 2F 6E 64 63 6E 61 73 77 65 62 31 2F 43 65
72 74 45 6E 72 6F 6C 6C 2F 4D 43 49 25 32 30 54
65 73 74 25 32 30 61 6E 64 25 32 30 44 65 76 65
6C 6F 70 6D 65 6E 74 25 32 30 43 41 2E 63 72 6C
30 4C A0 4A A0 48 86 46 66 69 6C 65 3A 2F 2F 5C
5C 6E 64 63 6E 61 73 77 65 62 31 5C 43 65 72 74
45 6E 72 6F 6C 6C 5C 4D 43 49 25 32 30 54 65 73
74 25 32 30 61 6E 64 25 32 30 44 65 76 65 6C 6F
70 6D 65 6E 74 25 32 30 43 41 2E 63 72 6C 30 81
D2 06 08 2B 06 01 05 05 07 01 01 04 81 C5 30 81
C2 30 5E 06 08 2B 06 01 05 05 07 30 02 86 52 68
74 74 70 3A 2F 2F 6E 64 63 6E 61 73 77 65 62 31
2F 43 65 72 74 45 6E 72 6F 6C 6C 2F 6E 64 63 6E
61 73 77 65 62 31 5F 4D 43 49 25 32 30 54 65 73
74 25 32 30 61 6E 64 25 32 30 44 65 76 65 6C 6F
70 6D 65 6E 74 25 32 30 43 41 28 31 29 2E 63 72
74 30 60 06 08 2B 06 01 05 05 07 30 02 86 54 66
69 6C 65 3A 2F 2F 5C 5C 6E 64 63 6E 61 73 77 65
62 31 5C 43 65 72 74 45 6E 72 6F 6C 6C 5C 6E 64
63 6E 61 73 77 65 62 31 5F 4D 43 49 25 32 30 54
65 73 74 25 32 30 61 6E 64 25 32 30 44 65 76 65
6C 6F 70 6D 65 6E 74 25 32 30 43 41 28 31 29 2E
63 72 74 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05
05 00 03 41 00 4B B1 87 EB 38 FF 03 C4 DE 8E D3
AA FA 8C D3 68 26 C8 C0 01 94 F1 E1 3D ED F8 48
D9 E5 D5 23 B7 C5 DF 58 DA 87 28 0A C2 85 37 A5
45 84 58 93 34 3C A1 5F 40 D7 27 15 50 78 36 7C
C3 EB C2 29 C3 00 03 33 30 82 03 2F 30 82 02 D9
A0 03 02 01 02 02 10 2F 06 C1 83 30 75 AF A6 43
FB 5C 2A A4 FF D5 97 30 0D 06 09 2A 86 48 86 F7
0D 01 01 05 05 00 30 81 99 31 20 30 1E 06 09 2A
86 48 86 F7 0D 01 09 01 16 11 63 65 72 74 2D 72
65 71 40 77 63 6F 6D 2E 63 6F 6D 31 0B 30 09 06
03 55 04 06 13 02 55 53 31 0B 30 09 06 03 55 04
08 13 02 43 4F 31 19 30 17 06 03 55 04 07 13 10
43 6F 6C 6F 72 61 64 6F 20 53 70 72 69 6E 67 73
31 0C 30 0A 06 03 55 04 0A 13 03 4D 43 49 31 0C
30 0A 06 03 55 04 0B 13 03 4E 41 53 31 24 30 22
06 03 55 04 03 13 1B 4D 43 49 20 54 65 73 74 20
61 6E 64 20 44 65 76 65 6C 6F 70 6D 65 6E 74 20
43 41 30 1E 17 0D 30 33 30 34 31 35 31 38 35 32
35 32 5A 17 0D 32 36 30 34 31 34 31 38 35 30 32
38 5A 30 81 99 31 20 30 1E 06 09 2A 86 48 86 F7
0D 01 09 01 16 11 63 65 72 74 2D 72 65 71 40 77
63 6F 6D 2E 63 6F 6D 31 0B 30 09 06 03 55 04 06
13 02 55 53 31 0B 30 09 06 03 55 04 08 13 02 43
4F 31 19 30 17 06 03 55 04 07 13 10 43 6F 6C 6F
72 61 64 6F 20 53 70 72 69 6E 67 73 31 0C 30 0A
06 03 55 04 0A 13 03 4D 43 49 31 0C 30 0A 06 03
55 04 0B 13 03 4E 41 53 31 24 30 22 06 03 55 04
03 13 1B 4D 43 49 20 54 65 73 74 20 61 6E 64 20
44 65 76 65 6C 6F 70 6D 65 6E 74 20 43 41 30 5C
30 0D 06 09 2A 86 48 86 F7 0D 01 01 01 05 00 03
4B 00 30 48 02 41 00 C8 D5 A1 0E 0B 4A DB CE FB
19 07 DB 7C 26 8B F6 8A 47 41 4C 81 83 83 FE EC
E0 F7 1F 3B 86 AE E8 7A E9 A9 7B 0D 0F 4C F2 DE
D1 10 13 83 9E 12 CD C4 8A BC 7E BB FF B1 19 6D
9F 87 71 D2 57 A0 53 02 03 01 00 01 A3 81 FA 30
81 F7 30 0B 06 03 55 1D 0F 04 04 03 02 01 C6 30
0F 06 03 55 1D 13 01 01 FF 04 05 30 03 01 01 FF
30 1D 06 03 55 1D 0E 04 16 04 14 5E 23 81 53 9C
80 7B B7 E8 26 A3 72 5C 34 98 FC C0 CB 24 A3 30
81 A5 06 03 55 1D 1F 04 81 9D 30 81 9A 30 4A A0
48 A0 46 86 44 68 74 74 70 3A 2F 2F 6E 64 63 6E
61 73 77 65 62 31 2F 43 65 72 74 45 6E 72 6F 6C
6C 2F 4D 43 49 25 32 30 54 65 73 74 25 32 30 61
6E 64 25 32 30 44 65 76 65 6C 6F 70 6D 65 6E 74
25 32 30 43 41 2E 63 72 6C 30 4C A0 4A A0 48 86
46 66 69 6C 65 3A 2F 2F 5C 5C 6E 64 63 6E 61 73
77 65 62 31 5C 43 65 72 74 45 6E 72 6F 6C 6C 5C
4D 43 49 25 32 30 54 65 73 74 25 32 30 61 6E 64
25 32 30 44 65 76 65 6C 6F 70 6D 65 6E 74 25 32
30 43 41 2E 63 72 6C 30 10 06 09 2B 06 01 04 01
82 37 15 01 04 03 02 01 01 30 0D 06 09 2A 86 48
86 F7 0D 01 01 05 05 00 03 41 00 3C AB 4F 15 45
29 EA B4 98 D9 28 25 EB E3 D5 0B AA EB B3 31 9C
75 95 6F 57 DC 1B 7C 6B CE 14 FE 73 95 FF 1D AA
07 15 22 CA 5A CA CC F6 8D 29 30 8C 2F 33 EE 22
7F C6 C5 FF 60 69 31 9C A3 1F 7D
record[main] SSLRecordProtocol:unwrap ] END, type: 22
socket[main] SSLSocketImpl: HS status: NEED_UNWRAP NEED_UNWRAP
record[main] SSLRecordProtocol.unwrap: BEGIN [
record[main] Got the message of type: 22
record[main] TLSCiphertext.fragment[13]: ...
0D 00 00 05 02 01 02 00 00 0E 00 00 00
prf[main] secret[48]:
03 01 98 D7 96 1D 63 7D E2 50 EF 4C 72 9C C6 C2
07 F7 8D E3 AA 34 9B 79 B5 BF 57 F8 71 73 2D C7
DE 88 49 08 4A A7 DB A2 9D B6 18 9E 87 BA C2 DC
prf[main] label[13]:
6D 61 73 74 65 72 20 73 65 63 72 65 74
prf[main] seed[64]:
16 16 16 16 C9 61 E8 E5 AF C5 5C 6E 8A C9 68 77
9D 47 46 66 CA 8C D2 4B FD 75 F3 96 78 AA FE 3E
45 3D 15 1B CF 40 57 BF 9C 29 6A 8C 19 DA A2 12
2B 26 B1 91 27 EB 82 85 FE FE CF E1 DD 04 27 F7
prf[main] MD5 key:
03 01 98 D7 96 1D 63 7D E2 50 EF 4C 72 9C C6 C2
07 F7 8D E3 AA 34 9B 79
prf[main] SHA1 key:
B5 BF 57 F8 71 73 2D C7 DE 88 49 08 4A A7 DB A2
9D B6 18 9E 87 BA C2 DC
prf[main] P_MD5:
8B 20 97 6F 9E 45 5B 74 EC BE EC 35 FC 9C 6F 3D
42 44 9F 74 03 C3 49 30 BC 0B F4 FB 29 04 58 25
C4 D8 D4 16 FB 75 51 57 02 C2 20 BF 92 BE EA 33
prf[main] PRF:
76 F7 15 48 70 51 F9 7F B1 80 FD 2F 18 67 6F 44 A0 BC 88 AE
9B 1E A0 EE C2 55 BA AF 01 C9 1D 3B AC 79 C1 64 FD 9A ED 1F
AF 21 F9 97 40 74 E6 31
record[main] SSLRecordProtocol:unwrap ] END, type: 22
socket[main] SSLSocketImpl: HS status: NEED_WRAP NEED_WRAP
record[main] SSLRecordProtocol.wrap: TLSPlaintext.fragment[2773]:
0B 00 08 C7 00 08 C4 00 05 8B 30 82 05 87 30 82
05 31 A0 03 02 01 02 02 0A 09 18 7D 2C 00 01 00
00 0A 93 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05
05 00 30 81 99 31 20 30 1E 06 09 2A 86 48 86 F7
0D 01 09 01 16 11 63 65 72 74 2D 72 65 71 40 77
63 6F 6D 2E 63 6F 6D 31 0B 30 09 06 03 55 04 06
13 02 55 53 31 0B 30 09 06 03 55 04 08 13 02 43
4F 31 19 30 17 06 03 55 04 07 13 10 43 6F 6C 6F
72 61 64 6F 20 53 70 72 69 6E 67 73 31 0C 30 0A
06 03 55 04 0A 13 03 4D 43 49 31 0C 30 0A 06 03
55 04 0B 13 03 4E 41 53 31 24 30 22 06 03 55 04
03 13 1B 4D 43 49 20 54 65 73 74 20 61 6E 64 20
44 65 76 65 6C 6F 70 6D 65 6E 74 20 43 41 30 1E
17 0D 30 36 30 35 31 30 31 36 34 37 33 36 5A 17
0D 31 31 30 35 31 30 31 36 35 37 33 36 5A 30 81
90 31 30 30 2E 06 09 2A 86 48 86 F7 0D 01 09 01
16 21 67 65 72 61 6C 64 2E 6A 65 72 6F 6D 65 40
76 65 72 69 7A 6F 6E 62 75 73 69 6E 65 73 73 2E
63 6F 6D 31 0B 30 09 06 03 55 04 06 13 02 55 53
31 0B 30 09 06 03 55 04 08 13 02 4F 52 31 11 30
0F 06 03 55 04 07 13 08 50 6F 72 74 6C 61 6E 64
31 0C 30 0A 06 03 55 04 0A 13 03 4D 43 49 31 0B
30 09 06 03 55 04 0B 13 02 49 54 31 14 30 12 06
03 55 04 03 13 0B 53 61 66 65 20 43 6C 69 65 6E
74 30 82 01 22 30 0D 06 09 2A 86 48 86 F7 0D 01
01 01 05 00 03 82 01 0F 00 30 82 01 0A 02 82 01
01 00 9A 44 E8 B1 CF 6A 49 5C 0A E7 E6 26 64 39
DF 73 A3 8B 59 23 6C 57 FC 0A F6 3D 82 53 51 C7
53 38 A3 7F CD A7 01 10 D4 9C B7 39 26 96 4A 61
35 81 93 11 E5 8D 54 54 B1 17 83 D6 05 95 9C E5
62 F3 5A B3 E3 43 F2 63 A2 87 12 DE EA 43 A4 41
BF 7E 8C DB 2C 17 2A B1 39 C8 DF A9 EE 74 12 D2
51 9C 7F 8F 45 AB A7 BE EB 3C 5A D9 D8 F9 19 5F
7C 9C 81 BB 06 0E 02 56 B9 6D CE 13 DE 53 C6 76
C2 BA 35 7E 00 A7 1E 6B 9C 92 B0 A8 17 24 F7 1E
AA CF B1 AF A3 7D 61 0A 83 C8 0F CE 8B 5A B6 7A
A0 EE 9C 57 57 7F 50 63 79 C4 7E C7 76 42 01 29
EC FA A2 52 09 9F 4E FC 15 25 1A 4A 7E 3F B2 F6
D0 55 3C 4E 1E AF 4A 71 FD 13 94 1A 0C 5B 42 AD
7F B7 97 5E AC 7C 1E 4A 9B DF A6 C6 C7 CC 57 F9
2E 93 AE 9E 17 70 03 A5 39 8D 6A 08 34 82 1A 7E
A7 90 86 6B 92 AA AB 64 DE B0 02 22 52 A2 FA 7C
9E 93 02 03 01 00 01 A3 82 02 98 30 82 02 94 30
1E 06 03 55 1D 11 04 17 30 15 82 0D 57 53 41 34
35 56 32 36 32 32 33 37 35 87 04 A6 2F AB 35 30
1D 06 03 55 1D 0E 04 16 04 14 A1 74 0F F6 08 97
1D 4F 30 2E 10 61 F3 ED 84 22 F0 53 91 72 30 81
D5 06 03 55 1D 23 04 81 CD 30 81 CA 80 14 5E 23
81 53 9C 80 7B B7 E8 26 A3 72 5C 34 98 FC C0 CB
24 A3 A1 81 9F A4 81 9C 30 81 99 31 20 30 1E 06
09 2A 86 48 86 F7 0D 01 09 01 16 11 63 65 72 74
2D 72 65 71 40 77 63 6F 6D 2E 63 6F 6D 31 0B 30
09 06 03 55 04 06 13 02 55 53 31 0B 30 09 06 03
55 04 08 13 02 43 4F 31 19 30 17 06 03 55 04 07
13 10 43 6F 6C 6F 72 61 64 6F 20 53 70 72 69 6E
67 73 31 0C 30 0A 06 03 55 04 0A 13 03 4D 43 49
31 0C 30 0A 06 03 55 04 0B 13 03 4E 41 53 31 24
30 22 06 03 55 04 03 13 1B 4D 43 49 20 54 65 73
74 20 61 6E 64 20 44 65 76 65 6C 6F 70 6D 65 6E
74 20 43 41 82 10 2F 06 C1 83 30 75 AF A6 43 FB
5C 2A A4 FF D5 97 30 81 A5 06 03 55 1D 1F 04 81
9D 30 81 9A 30 4A A0 48 A0 46 86 44 68 74 74 70
3A 2F 2F 6E 64 63 6E 61 73 77 65 62 31 2F 43 65
72 74 45 6E 72 6F 6C 6C 2F 4D 43 49 25 32 30 54
65 73 74 25 32 30 61 6E 64 25 32 30 44 65 76 65
6C 6F 70 6D 65 6E 74 25 32 30 43 41 2E 63 72 6C
30 4C A0 4A A0 48 86 46 66 69 6C 65 3A 2F 2F 5C
5C 6E 64 63 6E 61 73 77 65 62 31 5C 43 65 72 74
45 6E 72 6F 6C 6C 5C 4D 43 49 25 32 30 54 65 73
74 25 32 30 61 6E 64 25 32 30 44 65 76 65 6C 6F
70 6D 65 6E 74 25 32 30 43 41 2E 63 72 6C 30 81
D2 06 08 2B 06 01 05 05 07 01 01 04 81 C5 30 81
C2 30 5E 06 08 2B 06 01 05 05 07 30 02 86 52 68
74 74 70 3A 2F 2F 6E 64 63 6E 61 73 77 65 62 31
2F 43 65 72 74 45 6E 72 6F 6C 6C 2F 6E 64 63 6E
61 73 77 65 62 31 5F 4D 43 49 25 32 30 54 65 73
74 25 32 30 61 6E 64 25 32 30 44 65 76 65 6C 6F
70 6D 65 6E 74 25 32 30 43 41 28 31 29 2E 63 72
74 30 60 06 08 2B 06 01 05 05 07 30 02 86 54 66
69 6C 65 3A 2F 2F 5C 5C 6E 64 63 6E 61 73 77 65
62 31 5C 43 65 72 74 45 6E 72 6F 6C 6C 5C 6E 64
63 6E 61 73 77 65 62 31 5F 4D 43 49 25 32 30 54
65 73 74 25 32 30 61 6E 64 25 32 30 44 65 76 65
6C 6F 70 6D 65 6E 74 25 32 30 43 41 28 31 29 2E
63 72 74 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05
05 00 03 41 00 C0 1E DA AC 98 FB 2F C0 E0 3F 9D
F2 88 A5 59 3A 05 EC F2 A3 6F 65 A4 0E DD 20 1A
95 3D B6 84 34 A3 F1 17 30 BB F8 3A 6C A3 69 6F
7E B6 30 75 58 33 E8 33 FA E0 57 CE F0 D9 8D 5C
B9 B0 30 E6 BC 00 03 33 30 82 03 2F 30 82 02 D9
A0 03 02 01 02 02 10 2F 06 C1 83 30 75 AF A6 43
FB 5C 2A A4 FF D5 97 30 0D 06 09 2A 86 48 86 F7
0D 01 01 05 05 00 30 81 99 31 20 30 1E 06 09 2A
86 48 86 F7 0D 01 09 01 16 11 63 65 72 74 2D 72
65 71 40 77 63 6F 6D 2E 63 6F 6D 31 0B 30 09 06
03 55 04 06 13 02 55 53 31 0B 30 09 06 03 55 04
08 13 02 43 4F 31 19 30 17 06 03 55 04 07 13 10
43 6F 6C 6F 72 61 64 6F 20 53 70 72 69 6E 67 73
31 0C 30 0A 06 03 55 04 0A 13 03 4D 43 49 31 0C
30 0A 06 03 55 04 0B 13 03 4E 41 53 31 24 30 22
06 03 55 04 03 13 1B 4D 43 49 20 54 65 73 74 20
61 6E 64 20 44 65 76 65 6C 6F 70 6D 65 6E 74 20
43 41 30 1E 17 0D 30 33 30 34 31 35 31 38 35 32
35 32 5A 17 0D 32 36 30 34 31 34 31 38 35 30 32
38 5A 30 81 99 31 20 30 1E 06 09 2A 86 48 86 F7
0D 01 09 01 16 11 63 65 72 74 2D 72 65 71 40 77
63 6F 6D 2E 63 6F 6D 31 0B 30 09 06 03 55 04 06
13 02 55 53 31 0B 30 09 06 03 55 04 08 13 02 43
4F 31 19 30 17 06 03 55 04 07 13 10 43 6F 6C 6F
72 61 64 6F 20 53 70 72 69 6E 67 73 31 0C 30 0A
06 03 55 04 0A 13 03 4D 43 49 31 0C 30 0A 06 03
55 04 0B 13 03 4E 41 53 31 24 30 22 06 03 55 04
03 13 1B 4D 43 49 20 54 65 73 74 20 61 6E 64 20
44 65 76 65 6C 6F 70 6D 65 6E 74 20 43 41 30 5C
30 0D 06 09 2A 86 48 86 F7 0D 01 01 01 05 00 03
4B 00 30 48 02 41 00 C8 D5 A1 0E 0B 4A DB CE FB
19 07 DB 7C 26 8B F6 8A 47 41 4C 81 83 83 FE EC
E0 F7 1F 3B 86 AE E8 7A E9 A9 7B 0D 0F 4C F2 DE
D1 10 13 83 9E 12 CD C4 8A BC 7E BB FF B1 19 6D
9F 87 71 D2 57 A0 53 02 03 01 00 01 A3 81 FA 30
81 F7 30 0B 06 03 55 1D 0F 04 04 03 02 01 C6 30
0F 06 03 55 1D 13 01 01 FF 04 05 30 03 01 01 FF
30 1D 06 03 55 1D 0E 04 16 04 14 5E 23 81 53 9C
80 7B B7 E8 26 A3 72 5C 34 98 FC C0 CB 24 A3 30
81 A5 06 03 55 1D 1F 04 81 9D 30 81 9A 30 4A A0
48 A0 46 86 44 68 74 74 70 3A 2F 2F 6E 64 63 6E
61 73 77 65 62 31 2F 43 65 72 74 45 6E 72 6F 6C
6C 2F 4D 43 49 25 32 30 54 65 73 74 25 32 30 61
6E 64 25 32 30 44 65 76 65 6C 6F 70 6D 65 6E 74
25 32 30 43 41 2E 63 72 6C 30 4C A0 4A A0 48 86
46 66 69 6C 65 3A 2F 2F 5C 5C 6E 64 63 6E 61 73
77 65 62 31 5C 43 65 72 74 45 6E 72 6F 6C 6C 5C
4D 43 49 25 32 30 54 65 73 74 25 32 30 61 6E 64
25 32 30 44 65 76 65 6C 6F 70 6D 65 6E 74 25 32
30 43 41 2E 63 72 6C 30 10 06 09 2B 06 01 04 01
82 37 15 01 04 03 02 01 01 30 0D 06 09 2A 86 48
86 F7 0D 01 01 05 05 00 03 41 00 3C AB 4F 15 45
29 EA B4 98 D9 28 25 EB E3 D5 0B AA EB B3 31 9C
75 95 6F 57 DC 1B 7C 6B CE 14 FE 73 95 FF 1D AA
07 15 22 CA 5A CA CC F6 8D 29 30 8C 2F 33 EE 22
7F C6 C5 FF 60 69 31 9C A3 1F 7D 10 00 01 02 01
00 5B EA 41 74 83 1E 34 C4 B6 13 43 3A 7F 8A 54
75 F7 54 B4 5F 42 CC C9 A9 A7 4E 5F 3B F9 9F 4A
ED 60 29 6D 33 AF 88 23 F5 19 6F F3 2C 80 23 C0
7B 36 F7 6A BA A4 CE 0F BC 2C 8E B4 B0 FD 7C 57
DE 58 7C B8 DB D5 65 D7 0F CF C2 AB 01 78 C6 9D
6F 19 FE 0F F1 F8 C9 E6 0F DB 56 DD 8C 9F 58 83
92 F6 32 2C D7 DB 2D E0 21 E2 81 75 81 07 73 D2
A6 9C 82 65 94 E5 F5 63 FC 91 0F 3C EF 24 B2 D0
6A 28 57 7B 77 9A C8 ED FD 85 47 2C 63 53 C6 72
9E 2A CA 3F 88 F0 42 33 B6 61 16 25 CC A7 A1 FE
05 6A 93 FB 5E E3 19 05 3E 9A 53 4D 64 50 02 39
B7 1D 38 02 47 DC C7 E0 FB EC AE D1 6C 21 7B C7
8B B9 48 33 C4 75 16 B2 C4 3D 1E 66 16 7F 2B 5A
34 93 FC 80 7A 1A EC 6E FE 35 9A 71 5F 73 76 C0
57 6C 82 4F 20 E7 17 C8 CE 63 8B 15 85 25 32 AF
25 B8 9C D6 B9 0C C2 76 22 F1 26 4E E4 23 22 CD
45 0F 00 01 00 1F EE E9 98 FF 36 2D 8E 44 EF 92
B1 07 3F A7 F6 5E CE CE 4C 22 3F 39 F1 C7 1B 9D
26 9D 3E BD B2 4A A5 C4 7C 6D EE EE 0D 78 28 A9
BB 72 40 D5 A8 70 04 2A 6F 85 4F E4 CA C1 79 F5
BD 66 C8 38 C5 7E E9 FF A6 07 0B 15 59 F0 E6 C0
EB 72 8D 5F 33 DA F3 16 AA A3 D5 CF C3 A1 C3 EC
B4 90 FA 6F E3 2F D4 5E A1 BB FC 22 3C AC E1 92
00 6A 1E F4 42 C2 7F 9A 93 82 1E 49 5C 14 44 04
2F 3E 6F 62 15 56 C5 37 EA 1C FD 89 16 AF EC 32
AA 11 F4 72 F4 9B 95 4F 59 B0 31 84 99 FD 9F 2F
D2 A3 8F C3 7B CF AB 12 19 51 0B D7 AD 26 A5 C9
CB EC B8 18 AC 7B D8 2F F5 43 F6 E6 8F B5 BA B6
A8 05 96 34 A4 83 67 C4 FF 41 2F 98 A6 0C F7 5E
6A 88 74 D6 EB AD 40 6A 25 7E 9F 7E 17 6A 09 B4
4A B5 49 1A 1E EE 73 49 48 FC 0B D2 49 64 1C 09
B6 EF F0 E0 E6 43 ED AC 90 B6 7B F5 24 C1 32 5D
C3 7B 4D AC 57
socket[main] SSLSocketImpl: HS status: NEED_WRAP NEED_WRAP
prf[main] secret[48]:
76 F7 15 48 70 51 F9 7F B1 80 FD 2F 18 67 6F 44
A0 BC 88 AE 9B 1E A0 EE C2 55 BA AF 01 C9 1D 3B
AC 79 C1 64 FD 9A ED 1F AF 21 F9 97 40 74 E6 31
prf[main] label[15]:
63 6C 69 65 6E 74 20 66 69 6E 69 73 68 65 64
prf[main] seed[36]:
34 0A 4E CB B7 BC A3 F9 DA E9 1B 2E BB 21 5B 1A
E0 1C 2C 8C 50 48 2D 70 EE 4F 51 57 05 70 F5 C4
08 3A 82 03
prf[main] MD5 key:
76 F7 15 48 70 51 F9 7F B1 80 FD 2F 18 67 6F 44
A0 BC 88 AE 9B 1E A0 EE
prf[main] SHA1 key:
C2 55 BA AF 01 C9 1D 3B AC 79 C1 64 FD 9A ED 1F
AF 21 F9 97 40 74 E6 31
prf[main] P_MD5:
80 C3 AB C5 90 7B C9 C4 1A 07 94 51
prf[main] PRF:
22 AD 88 CB 4D 84 E0 F4 0B 08 3B A5
prf[main] secret[48]:
76 F7 15 48 70 51 F9 7F B1 80 FD 2F 18 67 6F 44
A0 BC 88 AE 9B 1E A0 EE C2 55 BA AF 01 C9 1D 3B
AC 79 C1 64 FD 9A ED 1F AF 21 F9 97 40 74 E6 31
prf[main] label[15]:
73 65 72 76 65 72 20 66 69 6E 69 73 68 65 64
prf[main] seed[36]:
57 B8 73 27 91 03 35 4D 50 34 B2 D5 84 C5 C5 F5
82 3B 35 73 0B 1A AC 06 92 63 E7 DB 7D 56 37 2E
FE 4E C8 B9
prf[main] MD5 key:
76 F7 15 48 70 51 F9 7F B1 80 FD 2F 18 67 6F 44
A0 BC 88 AE 9B 1E A0 EE
prf[main] SHA1 key:
C2 55 BA AF 01 C9 1D 3B AC 79 C1 64 FD 9A ED 1F
AF 21 F9 97 40 74 E6 31
prf[main] P_MD5:
85 F4 99 31 A2 20 21 58 FF 66 A0 9A
prf[main] PRF:
B7 CC 42 A7 2D 0E 82 24 E6 7A 81 60
record[main] SSLRecordProtocol.setSession: Set pending session
record[main] cipher name: TLS_RSA_WITH_RC4_128_MD5
prf[main] secret[48]:
76 F7 15 48 70 51 F9 7F B1 80 FD 2F 18 67 6F 44
A0 BC 88 AE 9B 1E A0 EE C2 55 BA AF 01 C9 1D 3B
AC 79 C1 64 FD 9A ED 1F AF 21 F9 97 40 74 E6 31
prf[main] label[13]:
6B 65 79 20 65 78 70 61 6E 73 69 6F 6E
prf[main] seed[64]:
45 3D 15 1B CF 40 57 BF 9C 29 6A 8C 19 DA A2 12
2B 26 B1 91 27 EB 82 85 FE FE CF E1 DD 04 27 F7
16 16 16 16 C9 61 E8 E5 AF C5 5C 6E 8A C9 68 77
9D 47 46 66 CA 8C D2 4B FD 75 F3 96 78 AA FE 3E
prf[main] MD5 key:
76 F7 15 48 70 51 F9 7F B1 80 FD 2F 18 67 6F 44
A0 BC 88 AE 9B 1E A0 EE
prf[main] SHA1 key:
C2 55 BA AF 01 C9 1D 3B AC 79 C1 64 FD 9A ED 1F
AF 21 F9 97 40 74 E6 31
prf[main] P_MD5:
F7 4B D9 30 FC 72 95 5E 8A 51 58 F8 02 FF 24 4B
67 F3 1E 3A 2D 2E CB C5 E4 19 BE 37 4F CD B0 2D
5C 29 B6 02 EA 5A 96 37 75 72 1D 23 DC 06 BD 07
82 BD D4 F6 9D B0 4A D4 AE 08 D3 93 FA 6F B5 41
prf[main] PRF:
80 6F CA 49 51 AE 05 BE F7 4B 8E 0C 78 08 30 E3 97 C5 A4 4C
8B E3 21 21 7F 25 68 30 B7 5D ED A6 20 38 18 01 53 FC D8 F4
B6 A1 29 B0 8E 3A CE 04 16 B3 22 86 EC E0 27 DD 8B EA C6 A0
FC 89 A3 00
record[main] SSLRecordProtocol.getChangeCipherSpecMesage
record[main] activeWriteState = pendingConnectionState
14 03 01 00 01 01
socket[main] SSLSocketImpl: HS status: NEED_WRAP NEED_WRAP
record[main] SSLRecordProtocol.wrap: TLSPlaintext.fragment[16]:
14 00 00 0C 22 AD 88 CB 4D 84 E0 F4 0B 08 3B A5
record[main] SSLRecordProtocol.wrap: TLSCiphertext.fragment[32]:
11 08 A7 6D 60 CA C9 4E 48 6A A3 D3 30 1B 65 4C
22 75 99 2F 02 60 71 81 0F 4E B3 E5 FA D1 31 64
socket[main] SSLSocketImpl: HS status: NEED_UNWRAP NEED_UNWRAP
record[main] SSLRecordProtocol.unwrap: BEGIN [
record[main] Got the message of type: 21
record[main] TLSCiphertext.fragment[2]: ...
02 32
record[main] SSLRecordProtocol.allert: 2 50
record[main] SSLRecordProtocol:unwrap ] END, type: 21
javax.net.ssl.SSLException: Fatal alert received decode_error
at
org.apache.harmony.xnet.provider.jsse.SSLSocketImpl.processAlert(SSLSocketIm
pl.java:791)
at
org.apache.harmony.xnet.provider.jsse.SSLSocketImpl.doHandshake(SSLSocketImp
l.java:732)
at
org.apache.harmony.xnet.provider.jsse.SSLSocketImpl.startHandshake(SSLSocket
Impl.java:438)
at CreateSSLEng.<init>(CreateSSLEng.java:72)
at CreateSSLEng.main(CreateSSLEng.java:93)
Thanks for helping. Hopefully we'll get this solved soon.
Regards,
Gerald Jerome
Vnet 262-2375
Index:
modules/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/DigitalSignature.java
===================================================================
---
modules/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/DigitalSignature.java
(revision 466937)
+++
modules/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/DigitalSignature.java
(working copy)
@@ -71,6 +71,7 @@
public DigitalSignature(int keyExchange) {
try {
if (keyExchange == CipherSuite.KeyExchange_RSA_EXPORT ||
+ keyExchange == CipherSuite.KeyExchange_RSA ||
keyExchange == CipherSuite.KeyExchange_DHE_RSA ||
keyExchange == CipherSuite.KeyExchange_DHE_RSA_EXPORT) {
// SignatureAlgorithm is rsa
Index:
modules/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/ClientHandshakeImpl.java
===================================================================
---
modules/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/ClientHandshakeImpl.java
(revision 466937)
+++
modules/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/ClientHandshakeImpl.java
(working copy)
@@ -29,6 +29,7 @@
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
import java.security.PrivilegedExceptionAction;
import java.security.PublicKey;
import java.security.cert.CertificateException;
@@ -366,6 +367,8 @@
* client messages, computers masterSecret, sends ChangeCipherSpec
*/
void processServerHelloDone() {
+ PrivateKey clientKey = null;
+
if (serverCert != null) {
if (session.cipherSuite.keyExchange ==
CipherSuite.KeyExchange_DH_anon
|| session.cipherSuite.keyExchange ==
CipherSuite.KeyExchange_DH_anon_EXPORT) {
@@ -389,8 +392,10 @@
.getTypesAsString(),
certificateRequest.certificate_authorities, null);
if (clientAlias != null) {
- certs = ((X509ExtendedKeyManager) parameters.getKeyManager())
- .getCertificateChain((clientAlias));
+ X509ExtendedKeyManager km = (X509ExtendedKeyManager) parameters
+ .getKeyManager();
+ certs = km.getCertificateChain((clientAlias));
+ clientKey = km.getPrivateKey(clientAlias);
}
session.localCertificates = certs;
clientCert = new CertificateMessage(certs);
@@ -503,27 +508,29 @@
computerMasterSecret();
- if (clientCert != null) {
- boolean[] keyUsage = clientCert.certs[0].getKeyUsage();
- if (keyUsage != null && keyUsage[0]) {
- // Certificate verify
- DigitalSignature ds = new DigitalSignature(
- session.cipherSuite.keyExchange);
- if (session.cipherSuite.keyExchange ==
CipherSuite.KeyExchange_RSA_EXPORT
- || session.cipherSuite.keyExchange ==
CipherSuite.KeyExchange_DHE_RSA
- || session.cipherSuite.keyExchange ==
CipherSuite.KeyExchange_DHE_RSA_EXPORT) {
- ds.setMD5(io_stream.getDigestMD5());
- ds.setSHA(io_stream.getDigestSHA());
- } else if (session.cipherSuite.keyExchange ==
CipherSuite.KeyExchange_DHE_DSS
- || session.cipherSuite.keyExchange ==
CipherSuite.KeyExchange_DHE_DSS_EXPORT) {
- ds.setSHA(io_stream.getDigestSHA());
- // The Signature should be empty in case of anonimous
signature algorithm:
- // } else if (session.cipherSuite.keyExchange ==
CipherSuite.KeyExchange_DH_anon ||
- // session.cipherSuite.keyExchange ==
CipherSuite.KeyExchange_DH_anon_EXPORT) {
- }
- certificateVerify = new CertificateVerify(ds.sign());
- send(certificateVerify);
+ // send certificate verify for all certificates except those containing
+ // fixed DH parameters
+ if (clientCert != null && !clientKeyExchange.isEmpty()) {
+ // Certificate verify
+ DigitalSignature ds = new DigitalSignature(
+ session.cipherSuite.keyExchange);
+ ds.init(clientKey);
+
+ if (session.cipherSuite.keyExchange ==
CipherSuite.KeyExchange_RSA_EXPORT
+ || session.cipherSuite.keyExchange ==
CipherSuite.KeyExchange_RSA
+ || session.cipherSuite.keyExchange ==
CipherSuite.KeyExchange_DHE_RSA
+ || session.cipherSuite.keyExchange ==
CipherSuite.KeyExchange_DHE_RSA_EXPORT) {
+ ds.setMD5(io_stream.getDigestMD5());
+ ds.setSHA(io_stream.getDigestSHA());
+ } else if (session.cipherSuite.keyExchange ==
CipherSuite.KeyExchange_DHE_DSS
+ || session.cipherSuite.keyExchange ==
CipherSuite.KeyExchange_DHE_DSS_EXPORT) {
+ ds.setSHA(io_stream.getDigestSHA());
+ // The Signature should be empty in case of anonimous signature
algorithm:
+ // } else if (session.cipherSuite.keyExchange ==
CipherSuite.KeyExchange_DH_anon ||
+ // session.cipherSuite.keyExchange ==
CipherSuite.KeyExchange_DH_anon_EXPORT) {
}
+ certificateVerify = new CertificateVerify(ds.sign());
+ send(certificateVerify);
}
sendChangeCipherSpec();
Index:
modules/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/HandshakeIODataStream.java
===================================================================
---
modules/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/HandshakeIODataStream.java
(revision 466937)
+++
modules/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/HandshakeIODataStream.java
(working copy)
@@ -425,6 +425,30 @@
}
/**
+ * Returns the MD5 digest of the data passed throught the stream
+ * except last message
+ * @return MD5 digest
+ */
+ protected byte[] getDigestMD5withoutLast() {
+ synchronized (md5) {
+ md5.update(buffer, 0, marked_pos);
+ return md5.digest();
+ }
+ }
+
+ /**
+ * Returns the SHA-1 digest of the data passed throught the stream
+ * except last message
+ * @return SHA-1 digest
+ */
+ protected byte[] getDigestSHAwithoutLast() {
+ synchronized (sha) {
+ sha.update(buffer, 0, marked_pos);
+ return sha.digest();
+ }
+ }
+
+ /**
* Returns all the data passed throught the stream
* @return all the data passed throught the stream at the moment
*/
Index:
modules/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/CertificateRequest.java
===================================================================
---
modules/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/CertificateRequest.java
(revision 466937)
+++
modules/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/CertificateRequest.java
(working copy)
@@ -29,6 +29,7 @@
import java.io.IOException;
import java.security.cert.X509Certificate;
+import java.util.Vector;
import javax.security.auth.x500.X500Principal;
@@ -57,7 +58,7 @@
/**
* Certificate authorities
*/
- final X500Principal[] certificate_authorities;
+ X500Principal[] certificate_authorities;
//Requested certificate types as Strings
// ("RSA", "DSA", "DH_RSA" or "DH_DSA")
@@ -109,12 +110,17 @@
certificate_authorities = new X500Principal[size];
int totalPrincipalsLength = 0;
int principalLength = 0;
- for (int i = 0; i < size; i++) {
+ Vector principals = new Vector();
+ while (totalPrincipalsLength < size) {
principalLength = in.readUint16(); // encoded X500Principal size
- certificate_authorities[i] = new X500Principal(in);
+ principals.add(new X500Principal(in));
totalPrincipalsLength += 2;
totalPrincipalsLength += principalLength;
}
+ certificate_authorities = new X500Principal[principals.size()];
+ for (int i = 0; i < certificate_authorities.length; i++) {
+ certificate_authorities[i] = (X500Principal)
principals.elementAt(i);
+ }
this.length = 3 + certificate_types.length + totalPrincipalsLength;
if (this.length != length) {
fatalAlert(AlertProtocol.DECODE_ERROR,
@@ -134,8 +140,12 @@
for (int i = 0; i < certificate_types.length; i++) {
out.write(certificate_types[i]);
}
- out.writeUint16(certificate_authorities.length);
+ int authoritiesLength = 0;
for (int i = 0; i < certificate_authorities.length; i++) {
+ authoritiesLength += encoded_principals[i].length +2;
+ }
+ out.writeUint16(authoritiesLength);
+ for (int i = 0; i < certificate_authorities.length; i++) {
out.writeUint16(encoded_principals[i].length);
out.write(encoded_principals[i]);
}
Index:
modules/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/ServerHandshakeImpl.java
===================================================================
---
modules/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/ServerHandshakeImpl.java
(revision 466937)
+++
modules/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/ServerHandshakeImpl.java
(working copy)
@@ -184,29 +184,19 @@
certificateVerify = new CertificateVerify(io_stream,
length);
DigitalSignature ds = new
DigitalSignature(session.cipherSuite.keyExchange);
+ ds.init(serverCert.certs[0]);
byte[] md5_hash = null;
byte[] sha_hash = null;
- PublicKey pk = serverCert.certs[0].getPublicKey();
- if (session.cipherSuite.keyExchange ==
CipherSuite.KeyExchange_RSA_EXPORT) {
- int l;
- try {
- l = getRSAKeyLength(pk);
- } catch (Exception e) {
- fatalAlert(AlertProtocol.INTERNAL_ERROR,
- "INTERNAL ERROR", e);
- return;
- }
- if (l > 512) { // key is longer than 512 bits
- md5_hash = io_stream.getDigestMD5();
- sha_hash = io_stream.getDigestSHA();
- }
- } else if (session.cipherSuite.keyExchange ==
CipherSuite.KeyExchange_DHE_RSA
+
+ if (session.cipherSuite.keyExchange ==
CipherSuite.KeyExchange_RSA_EXPORT
+ || session.cipherSuite.keyExchange ==
CipherSuite.KeyExchange_RSA
+ || session.cipherSuite.keyExchange ==
CipherSuite.KeyExchange_DHE_RSA
|| session.cipherSuite.keyExchange ==
CipherSuite.KeyExchange_DHE_RSA_EXPORT) {
- md5_hash = io_stream.getDigestMD5();
- sha_hash = io_stream.getDigestSHA();
+ md5_hash = io_stream.getDigestMD5withoutLast();
+ sha_hash = io_stream.getDigestSHAwithoutLast();
} else if (session.cipherSuite.keyExchange ==
CipherSuite.KeyExchange_DHE_DSS
|| session.cipherSuite.keyExchange ==
CipherSuite.KeyExchange_DHE_DSS_EXPORT) {
- sha_hash = io_stream.getDigestSHA();
+ sha_hash = io_stream.getDigestSHAwithoutLast();
} else if (session.cipherSuite.keyExchange ==
CipherSuite.KeyExchange_DH_anon
|| session.cipherSuite.keyExchange ==
CipherSuite.KeyExchange_DH_anon_EXPORT) {
}
@@ -712,7 +702,7 @@
} else {
if ((parameters.getNeedClientAuth() && clientCert == null)
|| clientKeyExchange == null
- || (clientKeyExchange.isEmpty() && certificateVerify ==
null)) {
+ || (clientCert != null && !clientKeyExchange.isEmpty() &&
certificateVerify == null)) {
unexpectedMessage();
} else {
changeCipherSpecReceived = true;
Index:
modules/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/CertificateVerify.java
===================================================================
---
modules/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/CertificateVerify.java
(revision 466937)
+++
modules/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/CertificateVerify.java
(working copy)
@@ -63,11 +63,12 @@
throws IOException {
if (length == 0) {
signedHash = new byte[0];
- } else if (length == 20 || length == 36) {
- signedHash = in.read(length);
} else {
- fatalAlert(AlertProtocol.DECODE_ERROR,
- "DECODE ERROR: incorrect CertificateVerify");
+ if (in.readUint16() != length - 2) {
+ fatalAlert(AlertProtocol.DECODE_ERROR,
+ "DECODE ERROR: incorrect CertificateVerify");
+ }
+ signedHash = in.read(length -2);
}
this.length = length;
}
@@ -79,6 +80,7 @@
*/
public void send(HandshakeIODataStream out) {
if (signedHash.length != 0) {
+ out.writeUint16(signedHash.length);
out.write(signedHash);
}
}
