8325022: Incorrect error message on client authentication

Amos Shi · Amos Shi · commit 2bae83931c6b · 2024-08-16T17:09:21.000Z
Backport-of: fe78c0f1911c9fdc1d30e23847d102748dfa2063
diff --git a/src/java.base/share/classes/sun/security/ssl/CertificateMessage.java b/src/java.base/share/classes/sun/security/ssl/CertificateMessage.java
@@ -388,7 +388,7 @@ private void onCertificate(ServerHandshakeContext shc,
                         ClientAuthType.CLIENT_AUTH_REQUESTED) {
                     // unexpected or require client authentication
                     throw shc.conContext.fatal(Alert.BAD_CERTIFICATE,
-                        "Empty server certificate chain");
+                        "Empty client certificate chain");
                 } else {
                     return;
                 }
@@ -405,7 +405,7 @@ private void onCertificate(ServerHandshakeContext shc,
                 }
             } catch (CertificateException ce) {
                 throw shc.conContext.fatal(Alert.BAD_CERTIFICATE,
-                    "Failed to parse server certificates", ce);
+                    "Failed to parse client certificates", ce);
             }
 
             checkClientCerts(shc, x509Certs);
@@ -1247,7 +1247,7 @@ private static X509Certificate[] checkClientCerts(
                 }
             } catch (CertificateException ce) {
                 throw shc.conContext.fatal(Alert.BAD_CERTIFICATE,
-                    "Failed to parse server certificates", ce);
+                    "Failed to parse client certificates", ce);
             }
 
             // find out the types of client authentication used

Original file line number	Diff line number	Diff line change
`@@ -388,7 +388,7 @@ private void onCertificate(ServerHandshakeContext shc,`
`388`	`388`	`ClientAuthType.CLIENT_AUTH_REQUESTED) {`
`389`	`389`	`// unexpected or require client authentication`
`390`	`390`	`throw shc.conContext.fatal(Alert.BAD_CERTIFICATE,`
`391`		`- "Empty server certificate chain");`
	`391`	`+ "Empty client certificate chain");`
`392`	`392`	`} else {`
`393`	`393`	`return;`
`394`	`394`	`}`
`@@ -405,7 +405,7 @@ private void onCertificate(ServerHandshakeContext shc,`
`405`	`405`	`}`
`406`	`406`	`} catch (CertificateException ce) {`
`407`	`407`	`throw shc.conContext.fatal(Alert.BAD_CERTIFICATE,`
`408`		`- "Failed to parse server certificates", ce);`
	`408`	`+ "Failed to parse client certificates", ce);`
`409`	`409`	`}`
`410`	`410`
`411`	`411`	`checkClientCerts(shc, x509Certs);`
`@@ -1247,7 +1247,7 @@ private static X509Certificate[] checkClientCerts(`
`1247`	`1247`	`}`
`1248`	`1248`	`} catch (CertificateException ce) {`
`1249`	`1249`	`throw shc.conContext.fatal(Alert.BAD_CERTIFICATE,`
`1250`		`- "Failed to parse server certificates", ce);`
	`1250`	`+ "Failed to parse client certificates", ce);`
`1251`	`1251`	`}`
`1252`	`1252`
`1253`	`1253`	`// find out the types of client authentication used`