diff --git a/leshan-client-cf/src/main/java/org/eclipse/leshan/client/californium/CaliforniumEndpointsManager.java b/leshan-client-cf/src/main/java/org/eclipse/leshan/client/californium/CaliforniumEndpointsManager.java index ee40c1a1c1..121cd0cfed 100644 --- a/leshan-client-cf/src/main/java/org/eclipse/leshan/client/californium/CaliforniumEndpointsManager.java +++ b/leshan-client-cf/src/main/java/org/eclipse/leshan/client/californium/CaliforniumEndpointsManager.java @@ -141,7 +141,8 @@ public void verifyCertificate(CertificateMessage message, DTLSSession session) if (message.getCertificateChain().getCertificates().size() == 0) { AlertMessage alert = new AlertMessage(AlertLevel.FATAL, AlertDescription.BAD_CERTIFICATE, session.getPeer()); - throw new HandshakeException("Certificate chain could not be validated", alert); + throw new HandshakeException( + "Certificate chain could not be validated : server cert chain is empty", alert); } Certificate receivedServerCertificate = message.getCertificateChain().getCertificates().get(0); @@ -149,7 +150,9 @@ public void verifyCertificate(CertificateMessage message, DTLSSession session) if (!expectedServerCertificate.equals(receivedServerCertificate)) { AlertMessage alert = new AlertMessage(AlertLevel.FATAL, AlertDescription.BAD_CERTIFICATE, session.getPeer()); - throw new HandshakeException("Certificate chain could not be validated", alert); + throw new HandshakeException( + "Certificate chain could not be validated: server certificate does not match expected one ('domain-issue certificate' usage)", + alert); } }