# HG changeset patch
# User xuelei
# Date 1526530686 25200
# Node ID a06a7dece50358fdd084151bacbdbf1dbbaaf16e
# Parent 0ee6535f3f5bf7cfa914434253ae039b7e4dc1ff
TLS 1.3, check alpn respond value
diff -r 0ee6535f3f5b -r a06a7dece503 src/java.base/share/classes/sun/security/ssl/AlpnExtension.java
--- a/src/java.base/share/classes/sun/security/ssl/AlpnExtension.java Wed May 16 15:41:50 2018 -0700
+++ b/src/java.base/share/classes/sun/security/ssl/AlpnExtension.java Wed May 16 21:18:06 2018 -0700
@@ -463,7 +463,17 @@
 if (spec.applicationProtocols.size() != 1) {
 chc.conContext.fatal(Alert.UNEXPECTED_MESSAGE,
 "Invalid " + SSLExtension.CH_ALPN.name + " extension: " +
- "Only one protocol name is allowed in ServerHello message");
+ "Only one application protocol name " +
+ "is allowed in ServerHello message");
+ }
+
+ // The respond application protocol must be one of the requested.
+ if (requestedAlps.applicationProtocols.contains(
+ spec.applicationProtocols)) {
+ chc.conContext.fatal(Alert.UNEXPECTED_MESSAGE,
+ "Invalid " + SSLExtension.CH_ALPN.name + " extension: " +
+ "Only client specified application protocol " +
+ "is allowed in ServerHello message");
 }
 
 // Update the context.
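Review bot: The new "must be one of the requested" check does not appear able to reject a ServerHello that selects a protocol the client never offered. `contains(spec.applicationProtocols)` is passed the whole collection (the preceding check calls `.size()` on it) rather than a protocol name, so, assuming both fields are `List<String>`, it always returns false. The condition also lacks a negation, so if it ever did match it would raise the alert for a valid selection. The guard should read `if (!requestedAlps.applicationProtocols.containsAll(spec.applicationProtocols)) {`. A regression test with a server that answers with an unoffered protocol would pin this down. The enclosing consumer method starts and ends outside the hunk, so how `requestedAlps` is obtained and null-checked is not visible here.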