Hi Gerald, The problem was with CertificateRequest message – it was made with incorrect length of certificate_authorities vector. Please, try attached patch. Before applying the patch please revert all previously patched files to their initial state:
%Harmony_WS_Root%> svn revert modules/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse Thank you for your assistance, Alexander Kleymenov On 10/24/06, Gerald Jerome <[EMAIL PROTECTED]> wrote:
Hello Alexander, Unfortunately, I'm still getting the decode_error after making the changes referenced in patch3.txt. I've attached a .tar file to this reply so you can verify I made the appropriate changes (.zip files will not go through our email server). Below is the debug output I receive: socket[main] SSLSocketImpl: CLIENT socket[main] SSLSocketImpl.startHandshake socket[main] SSLSocketImpl: HS status: NEED_WRAP NEED_WRAP record[main] SSLRecordProtocol.wrap: TLSPlaintext.fragment[67]: 01 00 00 3F 03 01 16 16 16 16 C9 61 E8 E5 AF C5 5C 6E 8A C9 68 77 9D 47 46 66 CA 8C D2 4B FD 75 F3 96 78 AA FE 3E 00 00 18 00 04 00 05 00 0A 00 16 00 13 00 09 00 15 00 12 00 03 00 08 00 14 00 11 01 00 socket[main] SSLSocketImpl: HS status: NEED_UNWRAP NEED_UNWRAP record[main] SSLRecordProtocol.unwrap: BEGIN [ record[main] Got the message of type: 22 record[main] TLSCiphertext.fragment[74]: ... 02 00 00 46 03 01 45 3D 15 1B CF 40 57 BF 9C 29 6A 8C 19 DA A2 12 2B 26 B1 91 27 EB 82 85 FE FE CF E1 DD 04 27 F7 20 ED 32 80 1B BA 25 B3 64 24 0E 7C C0 9E 34 AC 0D 8F 41 78 0D 04 FE 96 D6 1D 2F 03 67 C6 44 B5 AF 00 04 00 record[main] SSLRecordProtocol:unwrap ] END, type: 22 socket[main] SSLSocketImpl: HS status: NEED_UNWRAP NEED_UNWRAP record[main] SSLRecordProtocol.unwrap: BEGIN [ record[main] Got the message of type: 22 record[main] TLSCiphertext.fragment[2235]: ... 0B 00 08 B7 00 08 B4 00 05 7B 30 82 05 77 30 82 05 21 A0 03 02 01 02 02 0A 27 34 7A FD 00 01 00 00 09 FA 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 30 81 99 31 20 30 1E 06 09 2A 86 48 86 F7 0D 01 09 01 16 11 63 65 72 74 2D 72 65 71 40 77 63 6F 6D 2E 63 6F 6D 31 0B 30 09 06 03 55 04 06 13 02 55 53 31 0B 30 09 06 03 55 04 08 13 02 43 4F 31 19 30 17 06 03 55 04 07 13 10 43 6F 6C 6F 72 61 64 6F 20 53 70 72 69 6E 67 73 31 0C 30 0A 06 03 55 04 0A 13 03 4D 43 49 31 0C 30 0A 06 03 55 04 0B 13 03 4E 41 53 31 24 30 22 06 03 55 04 03 13 1B 4D 43 49 20 54 65 73 74 20 61 6E 64 20 44 65 76 65 6C 6F 70 6D 65 6E 74 20 43 41 30 1E 17 0D 30 36 30 34 32 31 31 36 33 35 32 32 5A 17 0D 31 31 30 34 32 31 31 36 34 35 32 32 5A 30 81 84 31 23 30 21 06 09 2A 86 48 86 F7 0D 01 09 01 16 14 6D 61 63 69 65 6A 2E 6E 6F 77 61 6B 40 6D 63 69 2E 63 6F 6D 31 0B 30 09 06 03 55 04 06 13 02 55 53 31 0B 30 09 06 03 55 04 08 13 02 4E 59 31 12 30 10 06 03 55 04 07 13 09 52 79 65 20 42 72 6F 6F 6B 31 0C 30 0A 06 03 55 04 0A 13 03 4D 43 49 31 0B 30 09 06 03 55 04 0B 13 02 49 54 31 14 30 12 06 03 55 04 03 13 0B 53 61 66 65 20 53 65 72 76 65 72 30 82 01 22 30 0D 06 09 2A 86 48 86 F7 0D 01 01 01 05 00 03 82 01 0F 00 30 82 01 0A 02 82 01 01 00 D0 99 17 A4 C3 84 6D 81 B3 6C 9B A3 82 F4 26 6D 84 6E 1C 4E ED 5D BD A8 D2 42 23 5F C6 54 38 13 09 DF 85 4D BF C3 58 7F 50 B3 80 D2 D5 03 6E 3E 68 9F DC 48 A6 09 D1 12 83 F5 CF FE 7D 0F 11 9D CF 1A 87 99 A5 64 1B AB 24 F1 98 1A 81 84 49 38 1A 0F D6 C8 20 5D 24 5F 02 6F 49 72 B5 FA 8C 56 46 0B 25 F9 10 DB 0C 20 77 60 38 1D 18 2E 4C 50 BD 7C A8 64 F5 6E 39 5E 44 62 7B D5 A7 93 04 3C 71 3C F7 9D B7 B9 42 86 1E 4D 10 51 C3 26 95 15 2C A1 9D 3D A3 D8 38 31 32 70 5E F9 B1 8B 30 6A 0E AB 10 7E EA 7C E7 FA 7A 46 45 81 51 14 28 95 30 51 70 B9 7E C6 87 18 5F D4 B3 B4 25 1C 73 64 9C 60 AC AB DF F3 6E 54 11 47 8C 96 6E 88 19 8C 25 B5 74 66 DB 4C FD F0 33 13 C4 DF 6B 4F 30 1F 94 E6 45 81 12 CD 33 64 69 A1 7A 20 73 E9 0B 88 FA 1D EF 35 FF 73 6E CC 25 CF B1 C0 D2 24 80 97 02 03 01 00 01 A3 82 02 94 30 82 02 90 30 1A 06 03 55 1D 11 04 13 30 11 82 09 6F 6D 7A 73 72 76 30 39 30 87 04 A6 25 D6 1E 30 1D 06 03 55 1D 0E 04 16 04 14 73 F7 B1 30 41 13 95 DD F2 46 F3 AC B5 C6 45 8C 01 AE 30 F7 30 81 D5 06 03 55 1D 23 04 81 CD 30 81 CA 80 14 5E 23 81 53 9C 80 7B B7 E8 26 A3 72 5C 34 98 FC C0 CB 24 A3 A1 81 9F A4 81 9C 30 81 99 31 20 30 1E 06 09 2A 86 48 86 F7 0D 01 09 01 16 11 63 65 72 74 2D 72 65 71 40 77 63 6F 6D 2E 63 6F 6D 31 0B 30 09 06 03 55 04 06 13 02 55 53 31 0B 30 09 06 03 55 04 08 13 02 43 4F 31 19 30 17 06 03 55 04 07 13 10 43 6F 6C 6F 72 61 64 6F 20 53 70 72 69 6E 67 73 31 0C 30 0A 06 03 55 04 0A 13 03 4D 43 49 31 0C 30 0A 06 03 55 04 0B 13 03 4E 41 53 31 24 30 22 06 03 55 04 03 13 1B 4D 43 49 20 54 65 73 74 20 61 6E 64 20 44 65 76 65 6C 6F 70 6D 65 6E 74 20 43 41 82 10 2F 06 C1 83 30 75 AF A6 43 FB 5C 2A A4 FF D5 97 30 81 A5 06 03 55 1D 1F 04 81 9D 30 81 9A 30 4A A0 48 A0 46 86 44 68 74 74 70 3A 2F 2F 6E 64 63 6E 61 73 77 65 62 31 2F 43 65 72 74 45 6E 72 6F 6C 6C 2F 4D 43 49 25 32 30 54 65 73 74 25 32 30 61 6E 64 25 32 30 44 65 76 65 6C 6F 70 6D 65 6E 74 25 32 30 43 41 2E 63 72 6C 30 4C A0 4A A0 48 86 46 66 69 6C 65 3A 2F 2F 5C 5C 6E 64 63 6E 61 73 77 65 62 31 5C 43 65 72 74 45 6E 72 6F 6C 6C 5C 4D 43 49 25 32 30 54 65 73 74 25 32 30 61 6E 64 25 32 30 44 65 76 65 6C 6F 70 6D 65 6E 74 25 32 30 43 41 2E 63 72 6C 30 81 D2 06 08 2B 06 01 05 05 07 01 01 04 81 C5 30 81 C2 30 5E 06 08 2B 06 01 05 05 07 30 02 86 52 68 74 74 70 3A 2F 2F 6E 64 63 6E 61 73 77 65 62 31 2F 43 65 72 74 45 6E 72 6F 6C 6C 2F 6E 64 63 6E 61 73 77 65 62 31 5F 4D 43 49 25 32 30 54 65 73 74 25 32 30 61 6E 64 25 32 30 44 65 76 65 6C 6F 70 6D 65 6E 74 25 32 30 43 41 28 31 29 2E 63 72 74 30 60 06 08 2B 06 01 05 05 07 30 02 86 54 66 69 6C 65 3A 2F 2F 5C 5C 6E 64 63 6E 61 73 77 65 62 31 5C 43 65 72 74 45 6E 72 6F 6C 6C 5C 6E 64 63 6E 61 73 77 65 62 31 5F 4D 43 49 25 32 30 54 65 73 74 25 32 30 61 6E 64 25 32 30 44 65 76 65 6C 6F 70 6D 65 6E 74 25 32 30 43 41 28 31 29 2E 63 72 74 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 03 41 00 4B B1 87 EB 38 FF 03 C4 DE 8E D3 AA FA 8C D3 68 26 C8 C0 01 94 F1 E1 3D ED F8 48 D9 E5 D5 23 B7 C5 DF 58 DA 87 28 0A C2 85 37 A5 45 84 58 93 34 3C A1 5F 40 D7 27 15 50 78 36 7C C3 EB C2 29 C3 00 03 33 30 82 03 2F 30 82 02 D9 A0 03 02 01 02 02 10 2F 06 C1 83 30 75 AF A6 43 FB 5C 2A A4 FF D5 97 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 30 81 99 31 20 30 1E 06 09 2A 86 48 86 F7 0D 01 09 01 16 11 63 65 72 74 2D 72 65 71 40 77 63 6F 6D 2E 63 6F 6D 31 0B 30 09 06 03 55 04 06 13 02 55 53 31 0B 30 09 06 03 55 04 08 13 02 43 4F 31 19 30 17 06 03 55 04 07 13 10 43 6F 6C 6F 72 61 64 6F 20 53 70 72 69 6E 67 73 31 0C 30 0A 06 03 55 04 0A 13 03 4D 43 49 31 0C 30 0A 06 03 55 04 0B 13 03 4E 41 53 31 24 30 22 06 03 55 04 03 13 1B 4D 43 49 20 54 65 73 74 20 61 6E 64 20 44 65 76 65 6C 6F 70 6D 65 6E 74 20 43 41 30 1E 17 0D 30 33 30 34 31 35 31 38 35 32 35 32 5A 17 0D 32 36 30 34 31 34 31 38 35 30 32 38 5A 30 81 99 31 20 30 1E 06 09 2A 86 48 86 F7 0D 01 09 01 16 11 63 65 72 74 2D 72 65 71 40 77 63 6F 6D 2E 63 6F 6D 31 0B 30 09 06 03 55 04 06 13 02 55 53 31 0B 30 09 06 03 55 04 08 13 02 43 4F 31 19 30 17 06 03 55 04 07 13 10 43 6F 6C 6F 72 61 64 6F 20 53 70 72 69 6E 67 73 31 0C 30 0A 06 03 55 04 0A 13 03 4D 43 49 31 0C 30 0A 06 03 55 04 0B 13 03 4E 41 53 31 24 30 22 06 03 55 04 03 13 1B 4D 43 49 20 54 65 73 74 20 61 6E 64 20 44 65 76 65 6C 6F 70 6D 65 6E 74 20 43 41 30 5C 30 0D 06 09 2A 86 48 86 F7 0D 01 01 01 05 00 03 4B 00 30 48 02 41 00 C8 D5 A1 0E 0B 4A DB CE FB 19 07 DB 7C 26 8B F6 8A 47 41 4C 81 83 83 FE EC E0 F7 1F 3B 86 AE E8 7A E9 A9 7B 0D 0F 4C F2 DE D1 10 13 83 9E 12 CD C4 8A BC 7E BB FF B1 19 6D 9F 87 71 D2 57 A0 53 02 03 01 00 01 A3 81 FA 30 81 F7 30 0B 06 03 55 1D 0F 04 04 03 02 01 C6 30 0F 06 03 55 1D 13 01 01 FF 04 05 30 03 01 01 FF 30 1D 06 03 55 1D 0E 04 16 04 14 5E 23 81 53 9C 80 7B B7 E8 26 A3 72 5C 34 98 FC C0 CB 24 A3 30 81 A5 06 03 55 1D 1F 04 81 9D 30 81 9A 30 4A A0 48 A0 46 86 44 68 74 74 70 3A 2F 2F 6E 64 63 6E 61 73 77 65 62 31 2F 43 65 72 74 45 6E 72 6F 6C 6C 2F 4D 43 49 25 32 30 54 65 73 74 25 32 30 61 6E 64 25 32 30 44 65 76 65 6C 6F 70 6D 65 6E 74 25 32 30 43 41 2E 63 72 6C 30 4C A0 4A A0 48 86 46 66 69 6C 65 3A 2F 2F 5C 5C 6E 64 63 6E 61 73 77 65 62 31 5C 43 65 72 74 45 6E 72 6F 6C 6C 5C 4D 43 49 25 32 30 54 65 73 74 25 32 30 61 6E 64 25 32 30 44 65 76 65 6C 6F 70 6D 65 6E 74 25 32 30 43 41 2E 63 72 6C 30 10 06 09 2B 06 01 04 01 82 37 15 01 04 03 02 01 01 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 03 41 00 3C AB 4F 15 45 29 EA B4 98 D9 28 25 EB E3 D5 0B AA EB B3 31 9C 75 95 6F 57 DC 1B 7C 6B CE 14 FE 73 95 FF 1D AA 07 15 22 CA 5A CA CC F6 8D 29 30 8C 2F 33 EE 22 7F C6 C5 FF 60 69 31 9C A3 1F 7D record[main] SSLRecordProtocol:unwrap ] END, type: 22 socket[main] SSLSocketImpl: HS status: NEED_UNWRAP NEED_UNWRAP record[main] SSLRecordProtocol.unwrap: BEGIN [ record[main] Got the message of type: 22 record[main] TLSCiphertext.fragment[13]: ... 0D 00 00 05 02 01 02 00 00 0E 00 00 00 prf[main] secret[48]: 03 01 98 D7 96 1D 63 7D E2 50 EF 4C 72 9C C6 C2 07 F7 8D E3 AA 34 9B 79 B5 BF 57 F8 71 73 2D C7 DE 88 49 08 4A A7 DB A2 9D B6 18 9E 87 BA C2 DC prf[main] label[13]: 6D 61 73 74 65 72 20 73 65 63 72 65 74 prf[main] seed[64]: 16 16 16 16 C9 61 E8 E5 AF C5 5C 6E 8A C9 68 77 9D 47 46 66 CA 8C D2 4B FD 75 F3 96 78 AA FE 3E 45 3D 15 1B CF 40 57 BF 9C 29 6A 8C 19 DA A2 12 2B 26 B1 91 27 EB 82 85 FE FE CF E1 DD 04 27 F7 prf[main] MD5 key: 03 01 98 D7 96 1D 63 7D E2 50 EF 4C 72 9C C6 C2 07 F7 8D E3 AA 34 9B 79 prf[main] SHA1 key: B5 BF 57 F8 71 73 2D C7 DE 88 49 08 4A A7 DB A2 9D B6 18 9E 87 BA C2 DC prf[main] P_MD5: 8B 20 97 6F 9E 45 5B 74 EC BE EC 35 FC 9C 6F 3D 42 44 9F 74 03 C3 49 30 BC 0B F4 FB 29 04 58 25 C4 D8 D4 16 FB 75 51 57 02 C2 20 BF 92 BE EA 33 prf[main] PRF: 76 F7 15 48 70 51 F9 7F B1 80 FD 2F 18 67 6F 44 A0 BC 88 AE 9B 1E A0 EE C2 55 BA AF 01 C9 1D 3B AC 79 C1 64 FD 9A ED 1F AF 21 F9 97 40 74 E6 31 record[main] SSLRecordProtocol:unwrap ] END, type: 22 socket[main] SSLSocketImpl: HS status: NEED_WRAP NEED_WRAP record[main] SSLRecordProtocol.wrap: TLSPlaintext.fragment[2773]: 0B 00 08 C7 00 08 C4 00 05 8B 30 82 05 87 30 82 05 31 A0 03 02 01 02 02 0A 09 18 7D 2C 00 01 00 00 0A 93 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 30 81 99 31 20 30 1E 06 09 2A 86 48 86 F7 0D 01 09 01 16 11 63 65 72 74 2D 72 65 71 40 77 63 6F 6D 2E 63 6F 6D 31 0B 30 09 06 03 55 04 06 13 02 55 53 31 0B 30 09 06 03 55 04 08 13 02 43 4F 31 19 30 17 06 03 55 04 07 13 10 43 6F 6C 6F 72 61 64 6F 20 53 70 72 69 6E 67 73 31 0C 30 0A 06 03 55 04 0A 13 03 4D 43 49 31 0C 30 0A 06 03 55 04 0B 13 03 4E 41 53 31 24 30 22 06 03 55 04 03 13 1B 4D 43 49 20 54 65 73 74 20 61 6E 64 20 44 65 76 65 6C 6F 70 6D 65 6E 74 20 43 41 30 1E 17 0D 30 36 30 35 31 30 31 36 34 37 33 36 5A 17 0D 31 31 30 35 31 30 31 36 35 37 33 36 5A 30 81 90 31 30 30 2E 06 09 2A 86 48 86 F7 0D 01 09 01 16 21 67 65 72 61 6C 64 2E 6A 65 72 6F 6D 65 40 76 65 72 69 7A 6F 6E 62 75 73 69 6E 65 73 73 2E 63 6F 6D 31 0B 30 09 06 03 55 04 06 13 02 55 53 31 0B 30 09 06 03 55 04 08 13 02 4F 52 31 11 30 0F 06 03 55 04 07 13 08 50 6F 72 74 6C 61 6E 64 31 0C 30 0A 06 03 55 04 0A 13 03 4D 43 49 31 0B 30 09 06 03 55 04 0B 13 02 49 54 31 14 30 12 06 03 55 04 03 13 0B 53 61 66 65 20 43 6C 69 65 6E 74 30 82 01 22 30 0D 06 09 2A 86 48 86 F7 0D 01 01 01 05 00 03 82 01 0F 00 30 82 01 0A 02 82 01 01 00 9A 44 E8 B1 CF 6A 49 5C 0A E7 E6 26 64 39 DF 73 A3 8B 59 23 6C 57 FC 0A F6 3D 82 53 51 C7 53 38 A3 7F CD A7 01 10 D4 9C B7 39 26 96 4A 61 35 81 93 11 E5 8D 54 54 B1 17 83 D6 05 95 9C E5 62 F3 5A B3 E3 43 F2 63 A2 87 12 DE EA 43 A4 41 BF 7E 8C DB 2C 17 2A B1 39 C8 DF A9 EE 74 12 D2 51 9C 7F 8F 45 AB A7 BE EB 3C 5A D9 D8 F9 19 5F 7C 9C 81 BB 06 0E 02 56 B9 6D CE 13 DE 53 C6 76 C2 BA 35 7E 00 A7 1E 6B 9C 92 B0 A8 17 24 F7 1E AA CF B1 AF A3 7D 61 0A 83 C8 0F CE 8B 5A B6 7A A0 EE 9C 57 57 7F 50 63 79 C4 7E C7 76 42 01 29 EC FA A2 52 09 9F 4E FC 15 25 1A 4A 7E 3F B2 F6 D0 55 3C 4E 1E AF 4A 71 FD 13 94 1A 0C 5B 42 AD 7F B7 97 5E AC 7C 1E 4A 9B DF A6 C6 C7 CC 57 F9 2E 93 AE 9E 17 70 03 A5 39 8D 6A 08 34 82 1A 7E A7 90 86 6B 92 AA AB 64 DE B0 02 22 52 A2 FA 7C 9E 93 02 03 01 00 01 A3 82 02 98 30 82 02 94 30 1E 06 03 55 1D 11 04 17 30 15 82 0D 57 53 41 34 35 56 32 36 32 32 33 37 35 87 04 A6 2F AB 35 30 1D 06 03 55 1D 0E 04 16 04 14 A1 74 0F F6 08 97 1D 4F 30 2E 10 61 F3 ED 84 22 F0 53 91 72 30 81 D5 06 03 55 1D 23 04 81 CD 30 81 CA 80 14 5E 23 81 53 9C 80 7B B7 E8 26 A3 72 5C 34 98 FC C0 CB 24 A3 A1 81 9F A4 81 9C 30 81 99 31 20 30 1E 06 09 2A 86 48 86 F7 0D 01 09 01 16 11 63 65 72 74 2D 72 65 71 40 77 63 6F 6D 2E 63 6F 6D 31 0B 30 09 06 03 55 04 06 13 02 55 53 31 0B 30 09 06 03 55 04 08 13 02 43 4F 31 19 30 17 06 03 55 04 07 13 10 43 6F 6C 6F 72 61 64 6F 20 53 70 72 69 6E 67 73 31 0C 30 0A 06 03 55 04 0A 13 03 4D 43 49 31 0C 30 0A 06 03 55 04 0B 13 03 4E 41 53 31 24 30 22 06 03 55 04 03 13 1B 4D 43 49 20 54 65 73 74 20 61 6E 64 20 44 65 76 65 6C 6F 70 6D 65 6E 74 20 43 41 82 10 2F 06 C1 83 30 75 AF A6 43 FB 5C 2A A4 FF D5 97 30 81 A5 06 03 55 1D 1F 04 81 9D 30 81 9A 30 4A A0 48 A0 46 86 44 68 74 74 70 3A 2F 2F 6E 64 63 6E 61 73 77 65 62 31 2F 43 65 72 74 45 6E 72 6F 6C 6C 2F 4D 43 49 25 32 30 54 65 73 74 25 32 30 61 6E 64 25 32 30 44 65 76 65 6C 6F 70 6D 65 6E 74 25 32 30 43 41 2E 63 72 6C 30 4C A0 4A A0 48 86 46 66 69 6C 65 3A 2F 2F 5C 5C 6E 64 63 6E 61 73 77 65 62 31 5C 43 65 72 74 45 6E 72 6F 6C 6C 5C 4D 43 49 25 32 30 54 65 73 74 25 32 30 61 6E 64 25 32 30 44 65 76 65 6C 6F 70 6D 65 6E 74 25 32 30 43 41 2E 63 72 6C 30 81 D2 06 08 2B 06 01 05 05 07 01 01 04 81 C5 30 81 C2 30 5E 06 08 2B 06 01 05 05 07 30 02 86 52 68 74 74 70 3A 2F 2F 6E 64 63 6E 61 73 77 65 62 31 2F 43 65 72 74 45 6E 72 6F 6C 6C 2F 6E 64 63 6E 61 73 77 65 62 31 5F 4D 43 49 25 32 30 54 65 73 74 25 32 30 61 6E 64 25 32 30 44 65 76 65 6C 6F 70 6D 65 6E 74 25 32 30 43 41 28 31 29 2E 63 72 74 30 60 06 08 2B 06 01 05 05 07 30 02 86 54 66 69 6C 65 3A 2F 2F 5C 5C 6E 64 63 6E 61 73 77 65 62 31 5C 43 65 72 74 45 6E 72 6F 6C 6C 5C 6E 64 63 6E 61 73 77 65 62 31 5F 4D 43 49 25 32 30 54 65 73 74 25 32 30 61 6E 64 25 32 30 44 65 76 65 6C 6F 70 6D 65 6E 74 25 32 30 43 41 28 31 29 2E 63 72 74 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 03 41 00 C0 1E DA AC 98 FB 2F C0 E0 3F 9D F2 88 A5 59 3A 05 EC F2 A3 6F 65 A4 0E DD 20 1A 95 3D B6 84 34 A3 F1 17 30 BB F8 3A 6C A3 69 6F 7E B6 30 75 58 33 E8 33 FA E0 57 CE F0 D9 8D 5C B9 B0 30 E6 BC 00 03 33 30 82 03 2F 30 82 02 D9 A0 03 02 01 02 02 10 2F 06 C1 83 30 75 AF A6 43 FB 5C 2A A4 FF D5 97 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 30 81 99 31 20 30 1E 06 09 2A 86 48 86 F7 0D 01 09 01 16 11 63 65 72 74 2D 72 65 71 40 77 63 6F 6D 2E 63 6F 6D 31 0B 30 09 06 03 55 04 06 13 02 55 53 31 0B 30 09 06 03 55 04 08 13 02 43 4F 31 19 30 17 06 03 55 04 07 13 10 43 6F 6C 6F 72 61 64 6F 20 53 70 72 69 6E 67 73 31 0C 30 0A 06 03 55 04 0A 13 03 4D 43 49 31 0C 30 0A 06 03 55 04 0B 13 03 4E 41 53 31 24 30 22 06 03 55 04 03 13 1B 4D 43 49 20 54 65 73 74 20 61 6E 64 20 44 65 76 65 6C 6F 70 6D 65 6E 74 20 43 41 30 1E 17 0D 30 33 30 34 31 35 31 38 35 32 35 32 5A 17 0D 32 36 30 34 31 34 31 38 35 30 32 38 5A 30 81 99 31 20 30 1E 06 09 2A 86 48 86 F7 0D 01 09 01 16 11 63 65 72 74 2D 72 65 71 40 77 63 6F 6D 2E 63 6F 6D 31 0B 30 09 06 03 55 04 06 13 02 55 53 31 0B 30 09 06 03 55 04 08 13 02 43 4F 31 19 30 17 06 03 55 04 07 13 10 43 6F 6C 6F 72 61 64 6F 20 53 70 72 69 6E 67 73 31 0C 30 0A 06 03 55 04 0A 13 03 4D 43 49 31 0C 30 0A 06 03 55 04 0B 13 03 4E 41 53 31 24 30 22 06 03 55 04 03 13 1B 4D 43 49 20 54 65 73 74 20 61 6E 64 20 44 65 76 65 6C 6F 70 6D 65 6E 74 20 43 41 30 5C 30 0D 06 09 2A 86 48 86 F7 0D 01 01 01 05 00 03 4B 00 30 48 02 41 00 C8 D5 A1 0E 0B 4A DB CE FB 19 07 DB 7C 26 8B F6 8A 47 41 4C 81 83 83 FE EC E0 F7 1F 3B 86 AE E8 7A E9 A9 7B 0D 0F 4C F2 DE D1 10 13 83 9E 12 CD C4 8A BC 7E BB FF B1 19 6D 9F 87 71 D2 57 A0 53 02 03 01 00 01 A3 81 FA 30 81 F7 30 0B 06 03 55 1D 0F 04 04 03 02 01 C6 30 0F 06 03 55 1D 13 01 01 FF 04 05 30 03 01 01 FF 30 1D 06 03 55 1D 0E 04 16 04 14 5E 23 81 53 9C 80 7B B7 E8 26 A3 72 5C 34 98 FC C0 CB 24 A3 30 81 A5 06 03 55 1D 1F 04 81 9D 30 81 9A 30 4A A0 48 A0 46 86 44 68 74 74 70 3A 2F 2F 6E 64 63 6E 61 73 77 65 62 31 2F 43 65 72 74 45 6E 72 6F 6C 6C 2F 4D 43 49 25 32 30 54 65 73 74 25 32 30 61 6E 64 25 32 30 44 65 76 65 6C 6F 70 6D 65 6E 74 25 32 30 43 41 2E 63 72 6C 30 4C A0 4A A0 48 86 46 66 69 6C 65 3A 2F 2F 5C 5C 6E 64 63 6E 61 73 77 65 62 31 5C 43 65 72 74 45 6E 72 6F 6C 6C 5C 4D 43 49 25 32 30 54 65 73 74 25 32 30 61 6E 64 25 32 30 44 65 76 65 6C 6F 70 6D 65 6E 74 25 32 30 43 41 2E 63 72 6C 30 10 06 09 2B 06 01 04 01 82 37 15 01 04 03 02 01 01 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 03 41 00 3C AB 4F 15 45 29 EA B4 98 D9 28 25 EB E3 D5 0B AA EB B3 31 9C 75 95 6F 57 DC 1B 7C 6B CE 14 FE 73 95 FF 1D AA 07 15 22 CA 5A CA CC F6 8D 29 30 8C 2F 33 EE 22 7F C6 C5 FF 60 69 31 9C A3 1F 7D 10 00 01 02 01 00 5B EA 41 74 83 1E 34 C4 B6 13 43 3A 7F 8A 54 75 F7 54 B4 5F 42 CC C9 A9 A7 4E 5F 3B F9 9F 4A ED 60 29 6D 33 AF 88 23 F5 19 6F F3 2C 80 23 C0 7B 36 F7 6A BA A4 CE 0F BC 2C 8E B4 B0 FD 7C 57 DE 58 7C B8 DB D5 65 D7 0F CF C2 AB 01 78 C6 9D 6F 19 FE 0F F1 F8 C9 E6 0F DB 56 DD 8C 9F 58 83 92 F6 32 2C D7 DB 2D E0 21 E2 81 75 81 07 73 D2 A6 9C 82 65 94 E5 F5 63 FC 91 0F 3C EF 24 B2 D0 6A 28 57 7B 77 9A C8 ED FD 85 47 2C 63 53 C6 72 9E 2A CA 3F 88 F0 42 33 B6 61 16 25 CC A7 A1 FE 05 6A 93 FB 5E E3 19 05 3E 9A 53 4D 64 50 02 39 B7 1D 38 02 47 DC C7 E0 FB EC AE D1 6C 21 7B C7 8B B9 48 33 C4 75 16 B2 C4 3D 1E 66 16 7F 2B 5A 34 93 FC 80 7A 1A EC 6E FE 35 9A 71 5F 73 76 C0 57 6C 82 4F 20 E7 17 C8 CE 63 8B 15 85 25 32 AF 25 B8 9C D6 B9 0C C2 76 22 F1 26 4E E4 23 22 CD 45 0F 00 01 00 1F EE E9 98 FF 36 2D 8E 44 EF 92 B1 07 3F A7 F6 5E CE CE 4C 22 3F 39 F1 C7 1B 9D 26 9D 3E BD B2 4A A5 C4 7C 6D EE EE 0D 78 28 A9 BB 72 40 D5 A8 70 04 2A 6F 85 4F E4 CA C1 79 F5 BD 66 C8 38 C5 7E E9 FF A6 07 0B 15 59 F0 E6 C0 EB 72 8D 5F 33 DA F3 16 AA A3 D5 CF C3 A1 C3 EC B4 90 FA 6F E3 2F D4 5E A1 BB FC 22 3C AC E1 92 00 6A 1E F4 42 C2 7F 9A 93 82 1E 49 5C 14 44 04 2F 3E 6F 62 15 56 C5 37 EA 1C FD 89 16 AF EC 32 AA 11 F4 72 F4 9B 95 4F 59 B0 31 84 99 FD 9F 2F D2 A3 8F C3 7B CF AB 12 19 51 0B D7 AD 26 A5 C9 CB EC B8 18 AC 7B D8 2F F5 43 F6 E6 8F B5 BA B6 A8 05 96 34 A4 83 67 C4 FF 41 2F 98 A6 0C F7 5E 6A 88 74 D6 EB AD 40 6A 25 7E 9F 7E 17 6A 09 B4 4A B5 49 1A 1E EE 73 49 48 FC 0B D2 49 64 1C 09 B6 EF F0 E0 E6 43 ED AC 90 B6 7B F5 24 C1 32 5D C3 7B 4D AC 57 socket[main] SSLSocketImpl: HS status: NEED_WRAP NEED_WRAP prf[main] secret[48]: 76 F7 15 48 70 51 F9 7F B1 80 FD 2F 18 67 6F 44 A0 BC 88 AE 9B 1E A0 EE C2 55 BA AF 01 C9 1D 3B AC 79 C1 64 FD 9A ED 1F AF 21 F9 97 40 74 E6 31 prf[main] label[15]: 63 6C 69 65 6E 74 20 66 69 6E 69 73 68 65 64 prf[main] seed[36]: 34 0A 4E CB B7 BC A3 F9 DA E9 1B 2E BB 21 5B 1A E0 1C 2C 8C 50 48 2D 70 EE 4F 51 57 05 70 F5 C4 08 3A 82 03 prf[main] MD5 key: 76 F7 15 48 70 51 F9 7F B1 80 FD 2F 18 67 6F 44 A0 BC 88 AE 9B 1E A0 EE prf[main] SHA1 key: C2 55 BA AF 01 C9 1D 3B AC 79 C1 64 FD 9A ED 1F AF 21 F9 97 40 74 E6 31 prf[main] P_MD5: 80 C3 AB C5 90 7B C9 C4 1A 07 94 51 prf[main] PRF: 22 AD 88 CB 4D 84 E0 F4 0B 08 3B A5 prf[main] secret[48]: 76 F7 15 48 70 51 F9 7F B1 80 FD 2F 18 67 6F 44 A0 BC 88 AE 9B 1E A0 EE C2 55 BA AF 01 C9 1D 3B AC 79 C1 64 FD 9A ED 1F AF 21 F9 97 40 74 E6 31 prf[main] label[15]: 73 65 72 76 65 72 20 66 69 6E 69 73 68 65 64 prf[main] seed[36]: 57 B8 73 27 91 03 35 4D 50 34 B2 D5 84 C5 C5 F5 82 3B 35 73 0B 1A AC 06 92 63 E7 DB 7D 56 37 2E FE 4E C8 B9 prf[main] MD5 key: 76 F7 15 48 70 51 F9 7F B1 80 FD 2F 18 67 6F 44 A0 BC 88 AE 9B 1E A0 EE prf[main] SHA1 key: C2 55 BA AF 01 C9 1D 3B AC 79 C1 64 FD 9A ED 1F AF 21 F9 97 40 74 E6 31 prf[main] P_MD5: 85 F4 99 31 A2 20 21 58 FF 66 A0 9A prf[main] PRF: B7 CC 42 A7 2D 0E 82 24 E6 7A 81 60 record[main] SSLRecordProtocol.setSession: Set pending session record[main] cipher name: TLS_RSA_WITH_RC4_128_MD5 prf[main] secret[48]: 76 F7 15 48 70 51 F9 7F B1 80 FD 2F 18 67 6F 44 A0 BC 88 AE 9B 1E A0 EE C2 55 BA AF 01 C9 1D 3B AC 79 C1 64 FD 9A ED 1F AF 21 F9 97 40 74 E6 31 prf[main] label[13]: 6B 65 79 20 65 78 70 61 6E 73 69 6F 6E prf[main] seed[64]: 45 3D 15 1B CF 40 57 BF 9C 29 6A 8C 19 DA A2 12 2B 26 B1 91 27 EB 82 85 FE FE CF E1 DD 04 27 F7 16 16 16 16 C9 61 E8 E5 AF C5 5C 6E 8A C9 68 77 9D 47 46 66 CA 8C D2 4B FD 75 F3 96 78 AA FE 3E prf[main] MD5 key: 76 F7 15 48 70 51 F9 7F B1 80 FD 2F 18 67 6F 44 A0 BC 88 AE 9B 1E A0 EE prf[main] SHA1 key: C2 55 BA AF 01 C9 1D 3B AC 79 C1 64 FD 9A ED 1F AF 21 F9 97 40 74 E6 31 prf[main] P_MD5: F7 4B D9 30 FC 72 95 5E 8A 51 58 F8 02 FF 24 4B 67 F3 1E 3A 2D 2E CB C5 E4 19 BE 37 4F CD B0 2D 5C 29 B6 02 EA 5A 96 37 75 72 1D 23 DC 06 BD 07 82 BD D4 F6 9D B0 4A D4 AE 08 D3 93 FA 6F B5 41 prf[main] PRF: 80 6F CA 49 51 AE 05 BE F7 4B 8E 0C 78 08 30 E3 97 C5 A4 4C 8B E3 21 21 7F 25 68 30 B7 5D ED A6 20 38 18 01 53 FC D8 F4 B6 A1 29 B0 8E 3A CE 04 16 B3 22 86 EC E0 27 DD 8B EA C6 A0 FC 89 A3 00 record[main] SSLRecordProtocol.getChangeCipherSpecMesage record[main] activeWriteState = pendingConnectionState 14 03 01 00 01 01 socket[main] SSLSocketImpl: HS status: NEED_WRAP NEED_WRAP record[main] SSLRecordProtocol.wrap: TLSPlaintext.fragment[16]: 14 00 00 0C 22 AD 88 CB 4D 84 E0 F4 0B 08 3B A5 record[main] SSLRecordProtocol.wrap: TLSCiphertext.fragment[32]: 11 08 A7 6D 60 CA C9 4E 48 6A A3 D3 30 1B 65 4C 22 75 99 2F 02 60 71 81 0F 4E B3 E5 FA D1 31 64 socket[main] SSLSocketImpl: HS status: NEED_UNWRAP NEED_UNWRAP record[main] SSLRecordProtocol.unwrap: BEGIN [ record[main] Got the message of type: 21 record[main] TLSCiphertext.fragment[2]: ... 02 32 record[main] SSLRecordProtocol.allert: 2 50 record[main] SSLRecordProtocol:unwrap ] END, type: 21 javax.net.ssl.SSLException: Fatal alert received decode_error at org.apache.harmony.xnet.provider.jsse.SSLSocketImpl.processAlert(SSLSocketIm pl.java:791) at org.apache.harmony.xnet.provider.jsse.SSLSocketImpl.doHandshake(SSLSocketImp l.java:732) at org.apache.harmony.xnet.provider.jsse.SSLSocketImpl.startHandshake(SSLSocket Impl.java:438) at CreateSSLEng.<init>(CreateSSLEng.java:72) at CreateSSLEng.main(CreateSSLEng.java:93) Thanks for helping. Hopefully we'll get this solved soon. Regards, Gerald Jerome Vnet 262-2375
Index: modules/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/DigitalSignature.java =================================================================== --- modules/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/DigitalSignature.java (revision 466937) +++ modules/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/DigitalSignature.java (working copy) @@ -71,6 +71,7 @@ public DigitalSignature(int keyExchange) { try { if (keyExchange == CipherSuite.KeyExchange_RSA_EXPORT || + keyExchange == CipherSuite.KeyExchange_RSA || keyExchange == CipherSuite.KeyExchange_DHE_RSA || keyExchange == CipherSuite.KeyExchange_DHE_RSA_EXPORT) { // SignatureAlgorithm is rsa Index: modules/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/ClientHandshakeImpl.java =================================================================== --- modules/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/ClientHandshakeImpl.java (revision 466937) +++ modules/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/ClientHandshakeImpl.java (working copy) @@ -29,6 +29,7 @@ import java.security.KeyPair; import java.security.KeyPairGenerator; import java.security.NoSuchAlgorithmException; +import java.security.PrivateKey; import java.security.PrivilegedExceptionAction; import java.security.PublicKey; import java.security.cert.CertificateException; @@ -366,6 +367,8 @@ * client messages, computers masterSecret, sends ChangeCipherSpec */ void processServerHelloDone() { + PrivateKey clientKey = null; + if (serverCert != null) { if (session.cipherSuite.keyExchange == CipherSuite.KeyExchange_DH_anon || session.cipherSuite.keyExchange == CipherSuite.KeyExchange_DH_anon_EXPORT) { @@ -389,8 +392,10 @@ .getTypesAsString(), certificateRequest.certificate_authorities, null); if (clientAlias != null) { - certs = ((X509ExtendedKeyManager) parameters.getKeyManager()) - .getCertificateChain((clientAlias)); + X509ExtendedKeyManager km = (X509ExtendedKeyManager) parameters + .getKeyManager(); + certs = km.getCertificateChain((clientAlias)); + clientKey = km.getPrivateKey(clientAlias); } session.localCertificates = certs; clientCert = new CertificateMessage(certs); @@ -503,27 +508,29 @@ computerMasterSecret(); - if (clientCert != null) { - boolean[] keyUsage = clientCert.certs[0].getKeyUsage(); - if (keyUsage != null && keyUsage[0]) { - // Certificate verify - DigitalSignature ds = new DigitalSignature( - session.cipherSuite.keyExchange); - if (session.cipherSuite.keyExchange == CipherSuite.KeyExchange_RSA_EXPORT - || session.cipherSuite.keyExchange == CipherSuite.KeyExchange_DHE_RSA - || session.cipherSuite.keyExchange == CipherSuite.KeyExchange_DHE_RSA_EXPORT) { - ds.setMD5(io_stream.getDigestMD5()); - ds.setSHA(io_stream.getDigestSHA()); - } else if (session.cipherSuite.keyExchange == CipherSuite.KeyExchange_DHE_DSS - || session.cipherSuite.keyExchange == CipherSuite.KeyExchange_DHE_DSS_EXPORT) { - ds.setSHA(io_stream.getDigestSHA()); - // The Signature should be empty in case of anonimous signature algorithm: - // } else if (session.cipherSuite.keyExchange == CipherSuite.KeyExchange_DH_anon || - // session.cipherSuite.keyExchange == CipherSuite.KeyExchange_DH_anon_EXPORT) { - } - certificateVerify = new CertificateVerify(ds.sign()); - send(certificateVerify); + // send certificate verify for all certificates except those containing + // fixed DH parameters + if (clientCert != null && !clientKeyExchange.isEmpty()) { + // Certificate verify + DigitalSignature ds = new DigitalSignature( + session.cipherSuite.keyExchange); + ds.init(clientKey); + + if (session.cipherSuite.keyExchange == CipherSuite.KeyExchange_RSA_EXPORT + || session.cipherSuite.keyExchange == CipherSuite.KeyExchange_RSA + || session.cipherSuite.keyExchange == CipherSuite.KeyExchange_DHE_RSA + || session.cipherSuite.keyExchange == CipherSuite.KeyExchange_DHE_RSA_EXPORT) { + ds.setMD5(io_stream.getDigestMD5()); + ds.setSHA(io_stream.getDigestSHA()); + } else if (session.cipherSuite.keyExchange == CipherSuite.KeyExchange_DHE_DSS + || session.cipherSuite.keyExchange == CipherSuite.KeyExchange_DHE_DSS_EXPORT) { + ds.setSHA(io_stream.getDigestSHA()); + // The Signature should be empty in case of anonimous signature algorithm: + // } else if (session.cipherSuite.keyExchange == CipherSuite.KeyExchange_DH_anon || + // session.cipherSuite.keyExchange == CipherSuite.KeyExchange_DH_anon_EXPORT) { } + certificateVerify = new CertificateVerify(ds.sign()); + send(certificateVerify); } sendChangeCipherSpec(); Index: modules/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/HandshakeIODataStream.java =================================================================== --- modules/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/HandshakeIODataStream.java (revision 466937) +++ modules/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/HandshakeIODataStream.java (working copy) @@ -425,6 +425,30 @@ } /** + * Returns the MD5 digest of the data passed throught the stream + * except last message + * @return MD5 digest + */ + protected byte[] getDigestMD5withoutLast() { + synchronized (md5) { + md5.update(buffer, 0, marked_pos); + return md5.digest(); + } + } + + /** + * Returns the SHA-1 digest of the data passed throught the stream + * except last message + * @return SHA-1 digest + */ + protected byte[] getDigestSHAwithoutLast() { + synchronized (sha) { + sha.update(buffer, 0, marked_pos); + return sha.digest(); + } + } + + /** * Returns all the data passed throught the stream * @return all the data passed throught the stream at the moment */ Index: modules/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/CertificateRequest.java =================================================================== --- modules/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/CertificateRequest.java (revision 466937) +++ modules/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/CertificateRequest.java (working copy) @@ -29,6 +29,7 @@ import java.io.IOException; import java.security.cert.X509Certificate; +import java.util.Vector; import javax.security.auth.x500.X500Principal; @@ -57,7 +58,7 @@ /** * Certificate authorities */ - final X500Principal[] certificate_authorities; + X500Principal[] certificate_authorities; //Requested certificate types as Strings // ("RSA", "DSA", "DH_RSA" or "DH_DSA") @@ -109,12 +110,17 @@ certificate_authorities = new X500Principal[size]; int totalPrincipalsLength = 0; int principalLength = 0; - for (int i = 0; i < size; i++) { + Vector principals = new Vector(); + while (totalPrincipalsLength < size) { principalLength = in.readUint16(); // encoded X500Principal size - certificate_authorities[i] = new X500Principal(in); + principals.add(new X500Principal(in)); totalPrincipalsLength += 2; totalPrincipalsLength += principalLength; } + certificate_authorities = new X500Principal[principals.size()]; + for (int i = 0; i < certificate_authorities.length; i++) { + certificate_authorities[i] = (X500Principal) principals.elementAt(i); + } this.length = 3 + certificate_types.length + totalPrincipalsLength; if (this.length != length) { fatalAlert(AlertProtocol.DECODE_ERROR, @@ -134,8 +140,12 @@ for (int i = 0; i < certificate_types.length; i++) { out.write(certificate_types[i]); } - out.writeUint16(certificate_authorities.length); + int authoritiesLength = 0; for (int i = 0; i < certificate_authorities.length; i++) { + authoritiesLength += encoded_principals[i].length +2; + } + out.writeUint16(authoritiesLength); + for (int i = 0; i < certificate_authorities.length; i++) { out.writeUint16(encoded_principals[i].length); out.write(encoded_principals[i]); } Index: modules/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/ServerHandshakeImpl.java =================================================================== --- modules/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/ServerHandshakeImpl.java (revision 466937) +++ modules/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/ServerHandshakeImpl.java (working copy) @@ -184,29 +184,19 @@ certificateVerify = new CertificateVerify(io_stream, length); DigitalSignature ds = new DigitalSignature(session.cipherSuite.keyExchange); + ds.init(serverCert.certs[0]); byte[] md5_hash = null; byte[] sha_hash = null; - PublicKey pk = serverCert.certs[0].getPublicKey(); - if (session.cipherSuite.keyExchange == CipherSuite.KeyExchange_RSA_EXPORT) { - int l; - try { - l = getRSAKeyLength(pk); - } catch (Exception e) { - fatalAlert(AlertProtocol.INTERNAL_ERROR, - "INTERNAL ERROR", e); - return; - } - if (l > 512) { // key is longer than 512 bits - md5_hash = io_stream.getDigestMD5(); - sha_hash = io_stream.getDigestSHA(); - } - } else if (session.cipherSuite.keyExchange == CipherSuite.KeyExchange_DHE_RSA + + if (session.cipherSuite.keyExchange == CipherSuite.KeyExchange_RSA_EXPORT + || session.cipherSuite.keyExchange == CipherSuite.KeyExchange_RSA + || session.cipherSuite.keyExchange == CipherSuite.KeyExchange_DHE_RSA || session.cipherSuite.keyExchange == CipherSuite.KeyExchange_DHE_RSA_EXPORT) { - md5_hash = io_stream.getDigestMD5(); - sha_hash = io_stream.getDigestSHA(); + md5_hash = io_stream.getDigestMD5withoutLast(); + sha_hash = io_stream.getDigestSHAwithoutLast(); } else if (session.cipherSuite.keyExchange == CipherSuite.KeyExchange_DHE_DSS || session.cipherSuite.keyExchange == CipherSuite.KeyExchange_DHE_DSS_EXPORT) { - sha_hash = io_stream.getDigestSHA(); + sha_hash = io_stream.getDigestSHAwithoutLast(); } else if (session.cipherSuite.keyExchange == CipherSuite.KeyExchange_DH_anon || session.cipherSuite.keyExchange == CipherSuite.KeyExchange_DH_anon_EXPORT) { } @@ -712,7 +702,7 @@ } else { if ((parameters.getNeedClientAuth() && clientCert == null) || clientKeyExchange == null - || (clientKeyExchange.isEmpty() && certificateVerify == null)) { + || (clientCert != null && !clientKeyExchange.isEmpty() && certificateVerify == null)) { unexpectedMessage(); } else { changeCipherSpecReceived = true; Index: modules/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/CertificateVerify.java =================================================================== --- modules/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/CertificateVerify.java (revision 466937) +++ modules/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/CertificateVerify.java (working copy) @@ -63,11 +63,12 @@ throws IOException { if (length == 0) { signedHash = new byte[0]; - } else if (length == 20 || length == 36) { - signedHash = in.read(length); } else { - fatalAlert(AlertProtocol.DECODE_ERROR, - "DECODE ERROR: incorrect CertificateVerify"); + if (in.readUint16() != length - 2) { + fatalAlert(AlertProtocol.DECODE_ERROR, + "DECODE ERROR: incorrect CertificateVerify"); + } + signedHash = in.read(length -2); } this.length = length; } @@ -79,6 +80,7 @@ */ public void send(HandshakeIODataStream out) { if (signedHash.length != 0) { + out.writeUint16(signedHash.length); out.write(signedHash); } }