-
Bug
-
Resolution: Fixed
-
P4
-
1.0.3_02, 1.0.2
-
None
-
03
-
generic, sparc
-
generic, solaris_2.5.1
There is a bug in the unbundled JSSE 1.0.3 concerning client authentication.
The bug appears only when trying to force the server to authenticate the client
by using a SSLSocket that has been created by wrapping an existing plain socket
and on which the SSLSocket.setNeedClientAuth(true) has been called before
starting the handshake. If the SSLSocket is retrieved from the
SSLServerSocket.accept(), after calling SSLServerSocket.setNeedClientAuth(true)
then it works fine.
When the wrapped SSLSocket is queried its NeedClientAuth flag is true but the
server does not require client authentication nevertheless.
I have reproduced this bug with JSSE 1.0.3_02 under J2SE 1.3.1_09 on
Solaris_8/SPARC.
I have successfully run the same test on J2SE 1.4.2_02 (bundled JSSE) on
Solaris_8/SPARC.
In order to reproduce the bug use the test in attachment.
The bug appears only when trying to force the server to authenticate the client
by using a SSLSocket that has been created by wrapping an existing plain socket
and on which the SSLSocket.setNeedClientAuth(true) has been called before
starting the handshake. If the SSLSocket is retrieved from the
SSLServerSocket.accept(), after calling SSLServerSocket.setNeedClientAuth(true)
then it works fine.
When the wrapped SSLSocket is queried its NeedClientAuth flag is true but the
server does not require client authentication nevertheless.
I have reproduced this bug with JSSE 1.0.3_02 under J2SE 1.3.1_09 on
Solaris_8/SPARC.
I have successfully run the same test on J2SE 1.4.2_02 (bundled JSSE) on
Solaris_8/SPARC.
In order to reproduce the bug use the test in attachment.
- duplicates
-
-
- Closed
-