summaryrefslogtreecommitdiff
path: root/gnu/javax/net/ssl/provider/ClientHandshake.java
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/javax/net/ssl/provider/ClientHandshake.java')
-rw-r--r--gnu/javax/net/ssl/provider/ClientHandshake.java8
1 files changed, 7 insertions, 1 deletions
diff --git a/gnu/javax/net/ssl/provider/ClientHandshake.java b/gnu/javax/net/ssl/provider/ClientHandshake.java
index 059b165a6..a87800845 100644
--- a/gnu/javax/net/ssl/provider/ClientHandshake.java
+++ b/gnu/javax/net/ssl/provider/ClientHandshake.java
@@ -1082,7 +1082,13 @@ outer_loop:
Cipher rsa = Cipher.getInstance("RSA");
java.security.cert.Certificate cert
= engine.session().getPeerCertificates()[0];
- rsa.init(Cipher.ENCRYPT_MODE, cert);
+ if (cert instanceof X509Certificate)
+ {
+ boolean[] keyUsage = ((X509Certificate) cert).getKeyUsage();
+ if (keyUsage != null && !keyUsage[2])
+ throw new InvalidKeyException("certificate's keyUsage does not permit keyEncipherment");
+ }
+ rsa.init(Cipher.ENCRYPT_MODE, cert.getPublicKey());
encryptedPreMasterSecret = rsa.doFinal(preMasterSecret);
// Generate our session keys, because we can.
View Lorry Controller Status