TLS 1.3, check alpn respond value JDK-8145252-TLS13-branch
authorxuelei
Wed, 16 May 2018 21:18:06 -0700
branchJDK-8145252-TLS13-branch
changeset 56566 a06a7dece503
parent 56565 0ee6535f3f5b
child 56567 45e123c0de3b
TLS 1.3, check alpn respond value
src/java.base/share/classes/sun/security/ssl/AlpnExtension.java
--- a/src/java.base/share/classes/sun/security/ssl/AlpnExtension.java	Wed May 16 15:41:50 2018 -0700
+++ b/src/java.base/share/classes/sun/security/ssl/AlpnExtension.java	Wed May 16 21:18:06 2018 -0700
@@ -463,7 +463,17 @@
             if (spec.applicationProtocols.size() != 1) {
                 chc.conContext.fatal(Alert.UNEXPECTED_MESSAGE,
                     "Invalid " + SSLExtension.CH_ALPN.name + " extension: " +
-                    "Only one protocol name is allowed in ServerHello message");
+                    "Only one application protocol name " +
+                    "is allowed in ServerHello message");
+            }
+            
+            // The respond application protocol must be one of the requested.
+            if (requestedAlps.applicationProtocols.contains(
+                    spec.applicationProtocols)) {
+                chc.conContext.fatal(Alert.UNEXPECTED_MESSAGE,
+                    "Invalid " + SSLExtension.CH_ALPN.name + " extension: " +
+                    "Only client specified application protocol " +
+                    "is allowed in ServerHello message");                
             }
 
             // Update the context.
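Review bot: The added membership test `requestedAlps.applicationProtocols.contains(spec.applicationProtocols)` appears to be both inverted and type-mismatched, so it does not enforce what its comment says. Assuming `applicationProtocols` is a list of protocol-name strings on both sides (the declarations are outside this hunk), `contains` is given a whole list rather than an element and would never match, leaving the `fatal` branch dead. A ServerHello that selects a protocol the client never offered would then be accepted. If the test ever did match, it would abort the handshake on the valid case, because the negation is missing. I would write it as `if (!requestedAlps.applicationProtocols.containsAll(spec.applicationProtocols)) {` and add a test in which the server answers with an unoffered protocol; the enclosing method starts and ends outside the hunk, so the null handling of `requestedAlps` should be confirmed there.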