Details
-
Type:
Task
-
Status: Open
-
Priority:
P3
-
Resolution: Unresolved
-
Affects Version/s: 6u95
-
Fix Version/s: None
-
Component/s: security-libs
-
Labels:
-
Subcomponent:
Description
It's not clear how a SSL client's certificate which is sent to server for a
client authentication is selected on the client if multiple certificates for
a same signer exit in the client's keystore file. Then, an expired client
certificate can be selected wrongly for the client authentication against a
programmer's intention if a valid certificate and an expired certificate for
the same signer exist in the keystore file. And, the
javax.net.ssl.SSLHandshakeException would be thrown in both sides, client and
server, as a handshake error.
client authentication is selected on the client if multiple certificates for
a same signer exit in the client's keystore file. Then, an expired client
certificate can be selected wrongly for the client authentication against a
programmer's intention if a valid certificate and an expired certificate for
the same signer exist in the keystore file. And, the
javax.net.ssl.SSLHandshakeException would be thrown in both sides, client and
server, as a handshake error.