8325022: Incorrect error message on client authentication

Amos Shi · Amos Shi · commit e7e92e0ba75a · 2024-08-16T17:12:23.000Z
Backport-of: fe78c0f1911c9fdc1d30e23847d102748dfa2063
diff --git a/src/java.base/share/classes/sun/security/ssl/CertificateMessage.java b/src/java.base/share/classes/sun/security/ssl/CertificateMessage.java
@@ -382,7 +382,7 @@ private void onCertificate(ServerHandshakeContext shc,
                         ClientAuthType.CLIENT_AUTH_REQUESTED) {
                     // unexpected or require client authentication
                     throw shc.conContext.fatal(Alert.BAD_CERTIFICATE,
-                        "Empty server certificate chain");
+                        "Empty client certificate chain");
                 } else {
                     return;
                 }
@@ -399,7 +399,7 @@ private void onCertificate(ServerHandshakeContext shc,
                 }
             } catch (CertificateException ce) {
                 throw shc.conContext.fatal(Alert.BAD_CERTIFICATE,
-                    "Failed to parse server certificates", ce);
+                    "Failed to parse client certificates", ce);
             }
 
             checkClientCerts(shc, x509Certs);
@@ -1216,7 +1216,7 @@ private static X509Certificate[] checkClientCerts(
                 }
             } catch (CertificateException ce) {
                 throw shc.conContext.fatal(Alert.BAD_CERTIFICATE,
-                    "Failed to parse server certificates", ce);
+                    "Failed to parse client certificates", ce);
             }
 
             // find out the types of client authentication used

Original file line number	Diff line number	Diff line change
`@@ -382,7 +382,7 @@ private void onCertificate(ServerHandshakeContext shc,`
`382`	`382`	`ClientAuthType.CLIENT_AUTH_REQUESTED) {`
`383`	`383`	`// unexpected or require client authentication`
`384`	`384`	`throw shc.conContext.fatal(Alert.BAD_CERTIFICATE,`
`385`		`- "Empty server certificate chain");`
	`385`	`+ "Empty client certificate chain");`
`386`	`386`	`} else {`
`387`	`387`	`return;`
`388`	`388`	`}`
`@@ -399,7 +399,7 @@ private void onCertificate(ServerHandshakeContext shc,`
`399`	`399`	`}`
`400`	`400`	`} catch (CertificateException ce) {`
`401`	`401`	`throw shc.conContext.fatal(Alert.BAD_CERTIFICATE,`
`402`		`- "Failed to parse server certificates", ce);`
	`402`	`+ "Failed to parse client certificates", ce);`
`403`	`403`	`}`
`404`	`404`
`405`	`405`	`checkClientCerts(shc, x509Certs);`
`@@ -1216,7 +1216,7 @@ private static X509Certificate[] checkClientCerts(`
`1216`	`1216`	`}`
`1217`	`1217`	`} catch (CertificateException ce) {`
`1218`	`1218`	`throw shc.conContext.fatal(Alert.BAD_CERTIFICATE,`
`1219`		`- "Failed to parse server certificates", ce);`
	`1219`	`+ "Failed to parse client certificates", ce);`
`1220`	`1220`	`}`
`1221`	`1221`
`1222`	`1222`	`// find out the types of client authentication used`