equal
deleted
inserted
replaced
438 if (chc.reservedServerCerts != null && |
438 if (chc.reservedServerCerts != null && |
439 !chc.handshakeSession.useExtendedMasterSecret) { |
439 !chc.handshakeSession.useExtendedMasterSecret) { |
440 // It is not necessary to check the certificate update if |
440 // It is not necessary to check the certificate update if |
441 // endpoint identification is enabled. |
441 // endpoint identification is enabled. |
442 String identityAlg = chc.sslConfig.identificationProtocol; |
442 String identityAlg = chc.sslConfig.identificationProtocol; |
443 if ((identityAlg == null || identityAlg.length() == 0) && |
443 if ((identityAlg == null || identityAlg.isEmpty()) && |
444 !isIdentityEquivalent(x509Certs[0], |
444 !isIdentityEquivalent(x509Certs[0], |
445 chc.reservedServerCerts[0])) { |
445 chc.reservedServerCerts[0])) { |
446 chc.conContext.fatal(Alert.BAD_CERTIFICATE, |
446 chc.conContext.fatal(Alert.BAD_CERTIFICATE, |
447 "server certificate change is restricted " + |
447 "server certificate change is restricted " + |
448 "during renegotiation"); |
448 "during renegotiation"); |