256 } else {
257 throw tc.fatal(alert,
258 "Received fatal close_notify alert", true, null);
259 }
260 } else if ((level == Level.WARNING) && (alert != null)) {
261 // Terminate the connection if an alert with a level of warning
262 // is received during handshaking, except the no_certificate
263 // warning.
264 if (alert.handshakeOnly && (tc.handshakeContext != null)) {
265 // It's OK to get a no_certificate alert from a client of
266 // which we requested client authentication. However,
267 // if we required it, then this is not acceptable.
268 if (tc.sslConfig.isClientMode ||
269 alert != Alert.NO_CERTIFICATE ||
270 (tc.sslConfig.clientAuthType !=
271 ClientAuthType.CLIENT_AUTH_REQUESTED)) {
272 throw tc.fatal(Alert.HANDSHAKE_FAILURE,
273 "received handshake warning: " + alert.description);
274 } else {
275 // Otherwise ignore the warning but remove the
276 // CertificateVerify handshake consumer so the state
277 // machine doesn't expect it.
278 tc.handshakeContext.handshakeConsumers.remove(
279 SSLHandshake.CERTIFICATE_VERIFY.id);
280 }
281 } // Otherwise, ignore the warning
282 } else { // fatal or unknown
283 String diagnostic;
284 if (alert == null) {
285 alert = Alert.UNEXPECTED_MESSAGE;
286 diagnostic = "Unknown alert description (" + am.id + ")";
287 } else {
288 diagnostic = "Received fatal alert: " + alert.description;
289 }
290
291 throw tc.fatal(alert, diagnostic, true, null);
292 }
293 }
294 }
295 }
|
256 } else {
257 throw tc.fatal(alert,
258 "Received fatal close_notify alert", true, null);
259 }
260 } else if ((level == Level.WARNING) && (alert != null)) {
261 // Terminate the connection if an alert with a level of warning
262 // is received during handshaking, except the no_certificate
263 // warning.
264 if (alert.handshakeOnly && (tc.handshakeContext != null)) {
265 // It's OK to get a no_certificate alert from a client of
266 // which we requested client authentication. However,
267 // if we required it, then this is not acceptable.
268 if (tc.sslConfig.isClientMode ||
269 alert != Alert.NO_CERTIFICATE ||
270 (tc.sslConfig.clientAuthType !=
271 ClientAuthType.CLIENT_AUTH_REQUESTED)) {
272 throw tc.fatal(Alert.HANDSHAKE_FAILURE,
273 "received handshake warning: " + alert.description);
274 } else {
275 // Otherwise ignore the warning but remove the
276 // Certificate and CertificateVerify handshake
277 // consumer so the state machine doesn't expect it.
278 tc.handshakeContext.handshakeConsumers.remove(
279 SSLHandshake.CERTIFICATE.id);
280 tc.handshakeContext.handshakeConsumers.remove(
281 SSLHandshake.CERTIFICATE_VERIFY.id);
282 }
283 } // Otherwise, ignore the warning
284 } else { // fatal or unknown
285 String diagnostic;
286 if (alert == null) {
287 alert = Alert.UNEXPECTED_MESSAGE;
288 diagnostic = "Unknown alert description (" + am.id + ")";
289 } else {
290 diagnostic = "Received fatal alert: " + alert.description;
291 }
292
293 throw tc.fatal(alert, diagnostic, true, null);
294 }
295 }
296 }
297 }
|