From 74d9ed331e7c2b84c300e5b81a6c55ed08718e76 Mon Sep 17 00:00:00 2001
From: Simon Bernard
Date: Tue, 15 Sep 2020 15:55:14 +0200
Subject: [PATCH] Better log about server certificate validation at client side.
---
 .../client/californium/CaliforniumEndpointsManager.java | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/leshan-client-cf/src/main/java/org/eclipse/leshan/client/californium/CaliforniumEndpointsManager.java b/leshan-client-cf/src/main/java/org/eclipse/leshan/client/californium/CaliforniumEndpointsManager.java
index ee40c1a1c1..121cd0cfed 100644
--- a/leshan-client-cf/src/main/java/org/eclipse/leshan/client/californium/CaliforniumEndpointsManager.java
+++ b/leshan-client-cf/src/main/java/org/eclipse/leshan/client/californium/CaliforniumEndpointsManager.java
@@ -141,7 +141,8 @@ public void verifyCertificate(CertificateMessage message, DTLSSession session)
 if (message.getCertificateChain().getCertificates().size() == 0) {
 AlertMessage alert = new AlertMessage(AlertLevel.FATAL, AlertDescription.BAD_CERTIFICATE, session.getPeer());
- throw new HandshakeException("Certificate chain could not be validated", alert);
+ throw new HandshakeException(
+ "Certificate chain could not be validated : server cert chain is empty", alert);
 }
 Certificate receivedServerCertificate = message.getCertificateChain().getCertificates().get(0);
@@ -149,7 +150,9 @@ public void verifyCertificate(CertificateMessage message, DTLSSession session)
 if (!expectedServerCertificate.equals(receivedServerCertificate)) {
 AlertMessage alert = new AlertMessage(AlertLevel.FATAL, AlertDescription.BAD_CERTIFICATE, session.getPeer());
- throw new HandshakeException("Certificate chain could not be validated", alert);
+ throw new HandshakeException(
+ "Certificate chain could not be validated: server certificate does not match expected one ('domain-issue certificate' usage)",
+ alert);
 }
 }
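Review bot: The two new exception messages are punctuated differently: the empty-chain message in this hunk reads `validated : server cert chain is empty` with a space before the colon, while the mismatch message in the second hunk reads `validated: server certificate does not match`. These strings are what an operator searches for when triaging failed DTLS handshakes, so a single shared prefix is worth keeping, e.g. `"Certificate chain could not be validated: server cert chain is empty"`. The body of verifyCertificate starts outside the hunk.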
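Review bot: The mismatch message names the usage as `'domain-issue certificate'`, but the term used for this certificate usage (RFC 6698, usage 3) is "domain-issued certificate", so the log text will not match what people look up in the spec; I would write `('domain-issued certificate' usage)`. A mismatch against the pinned server certificate is the event seen both on an interception attempt and after an unannounced certificate rotation, and the message gives nothing to tell the two apart. Appending the peer that is already in scope, for instance `+ " for peer " + session.getPeer()`, would make the log line usable on its own, assuming HandshakeException does not already print it. A short comment above the `equals` check stating that only the first certificate of the received chain is compared, by exact equality, would also help the next reader; the start of the method is outside the hunk.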