1 Reply Latest reply on Apr 20, 2012 3:14 AM by EJP

    how do you control the kind of TLS alerts sent by JSSE?

      I am working on an application which does certificate path validation that needs to plug into the JSSE framework. So, I have implemented my own X509TrustManager which implement the 'checkClientTrusted' and 'checkServerTrusted' methods such that when the application's certificate path validation fails, it throws a CertificateException as desired by the method signature. Also, CertificateException has four subclasses: CertificateEncodingException, CertificateExpiredException, CertificateNotYetValidException and CertificateParsingException. The subclass of CertificateException that you throw on certificate path validation failure makes JSSE send a relevant TLS alert to the SSL negotiating peer. HOWEVER, the subclasses of CertificateException don't include anything to send many important TLS alerts like certificate_revoked, unsupported_certificate and many more. How can you make JSSE send these alerts in this case?