--- a/src/java.base/share/classes/sun/security/ssl/CertificateRequest.java Thu Oct 17 20:27:44 2019 +0100
+++ b/src/java.base/share/classes/sun/security/ssl/CertificateRequest.java Thu Oct 17 20:53:35 2019 +0100
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2015, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -330,6 +330,15 @@
// clean up this consumer
chc.handshakeConsumers.remove(SSLHandshake.CERTIFICATE_REQUEST.id);
+ SSLConsumer certStatCons = chc.handshakeConsumers.remove(
+ SSLHandshake.CERTIFICATE_STATUS.id);
+ if (certStatCons != null) {
+ // Stapling was active but no certificate status message
+ // was sent. We need to run the absence handler which will
+ // check the certificate chain.
+ CertificateStatus.handshakeAbsence.absent(context, null);
+ }
+
T10CertificateRequestMessage crm =
new T10CertificateRequestMessage(chc, message);
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
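Review bot: The added block in the TLS 1.0 consumer, and the identical one in the TLS 1.2 hunk at `@@ -647,6 +656,15 @@`, appears to be the only place on this path where the certificate chain check runs when stapling was active and no CertificateStatus arrived. The same remove-and-run-absence step is therefore needed in every other consumer that can legally follow Certificate in that case, such as ServerKeyExchange and ServerHelloDone. Those files are not visible here, so please confirm they are covered, ideally with a test in which the server omits the status message. Because the eight lines are duplicated verbatim, a single private static helper called from both consumers would keep the copies from drifting, and `certStatCons` could be dropped in favour of `if (chc.handshakeConsumers.remove(SSLHandshake.CERTIFICATE_STATUS.id) != null) {`. The enclosing consume method begins and ends outside the hunk, so how `context` relates to `chc` at this point cannot be checked from here.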
@@ -647,6 +656,15 @@
// clean up this consumer
chc.handshakeConsumers.remove(SSLHandshake.CERTIFICATE_REQUEST.id);
+ SSLConsumer certStatCons = chc.handshakeConsumers.remove(
+ SSLHandshake.CERTIFICATE_STATUS.id);
+ if (certStatCons != null) {
+ // Stapling was active but no certificate status message
+ // was sent. We need to run the absence handler which will
+ // check the certificate chain.
+ CertificateStatus.handshakeAbsence.absent(context, null);
+ }
+
T12CertificateRequestMessage crm =
new T12CertificateRequestMessage(chc, message);
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
@@ -718,6 +736,7 @@
// Don't select a signature scheme unless we will be able to
// produce a CertificateVerify message later
if (SignatureScheme.getPreferableAlgorithm(
+ hc.algorithmConstraints,
hc.peerRequestedSignatureSchemes,
ss, hc.negotiatedProtocol) == null) {