CertificateRequest should handle case where certificate is requested but none is available.
Android SSL client was not handling a CertificateRequest where there was no cert to send.
It had a problem because it was assuming that if the CertificateMessage response is not null,
it means there is a cert included, which is not true (if it has no cert to send an empty CertificateMessage
is sent to the server). So I updated the CertificateVerify creation check to also check whether the CertificateMessage
contained any certs (ClientHandshakeImpl.java).
In testing I found that the same error was in the server code so I made the same change there
(ServerHandshakeImpl.java).
I added two test cases to SSLEngineTest - one to directly test the scenario (test_SSLEngine_clientAuthWantedNoClientCert)
and one to just double-check that the server would not allow the connection if setNeedClientAuth (test_SSLEngine_clientAuthNeededNoClientCert).
Bug: http://code.google.com/p/android/issues/detail?id=31903
Change-Id: Ideb57d6ccbcdd54ca24dc3063e60aba2653c8414
3 files changed