8325022: Incorrect error message on client authentication

John Jiang · John Jiang · commit fe78c0f1911c · 2024-02-01T02:35:34.000Z
Reviewed-by: jnimeh, hchao, djelinski
diff --git a/src/java.base/share/classes/sun/security/ssl/CertificateMessage.java b/src/java.base/share/classes/sun/security/ssl/CertificateMessage.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015, 2023, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2015, 2024, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -386,7 +386,7 @@ private void onCertificate(ServerHandshakeContext shc,
                         ClientAuthType.CLIENT_AUTH_REQUESTED) {
                     // unexpected or require client authentication
                     throw shc.conContext.fatal(Alert.BAD_CERTIFICATE,
-                        "Empty server certificate chain");
+                        "Empty client certificate chain");
                 } else {
                     return;
                 }
@@ -403,7 +403,7 @@ private void onCertificate(ServerHandshakeContext shc,
                 }
             } catch (CertificateException ce) {
                 throw shc.conContext.fatal(Alert.BAD_CERTIFICATE,
-                    "Failed to parse server certificates", ce);
+                    "Failed to parse client certificates", ce);
             }
 
             checkClientCerts(shc, x509Certs);
@@ -1224,7 +1224,7 @@ private static X509Certificate[] checkClientCerts(
                 }
             } catch (CertificateException ce) {
                 throw shc.conContext.fatal(Alert.BAD_CERTIFICATE,
-                    "Failed to parse server certificates", ce);
+                    "Failed to parse client certificates", ce);
             }
 
             // find out the types of client authentication used

Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,5 @@`
`1`	`1`	`/*`
`2`		`- * Copyright (c) 2015, 2023, Oracle and/or its affiliates. All rights reserved.`
	`2`	`+ * Copyright (c) 2015, 2024, Oracle and/or its affiliates. All rights reserved.`
`3`	`3`	`* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.`
`4`	`4`	`*`
`5`	`5`	`* This code is free software; you can redistribute it and/or modify it`
`@@ -386,7 +386,7 @@ private void onCertificate(ServerHandshakeContext shc,`
`386`	`386`	`ClientAuthType.CLIENT_AUTH_REQUESTED) {`
`387`	`387`	`// unexpected or require client authentication`
`388`	`388`	`throw shc.conContext.fatal(Alert.BAD_CERTIFICATE,`
`389`		`- "Empty server certificate chain");`
	`389`	`+ "Empty client certificate chain");`
`390`	`390`	`} else {`
`391`	`391`	`return;`
`392`	`392`	`}`
`@@ -403,7 +403,7 @@ private void onCertificate(ServerHandshakeContext shc,`
`403`	`403`	`}`
`404`	`404`	`} catch (CertificateException ce) {`
`405`	`405`	`throw shc.conContext.fatal(Alert.BAD_CERTIFICATE,`
`406`		`- "Failed to parse server certificates", ce);`
	`406`	`+ "Failed to parse client certificates", ce);`
`407`	`407`	`}`
`408`	`408`
`409`	`409`	`checkClientCerts(shc, x509Certs);`
`@@ -1224,7 +1224,7 @@ private static X509Certificate[] checkClientCerts(`
`1224`	`1224`	`}`
`1225`	`1225`	`} catch (CertificateException ce) {`
`1226`	`1226`	`throw shc.conContext.fatal(Alert.BAD_CERTIFICATE,`
`1227`		`- "Failed to parse server certificates", ce);`
	`1227`	`+ "Failed to parse client certificates", ce);`
`1228`	`1228`	`}`
`1229`	`1229`
`1230`	`1230`	`// find out the types of client authentication used`