Merge pull request #119 from cconlon/certchainalias

X509KeyManager.getCertificateChain(): return null if alias is null
wolfSSL · Mar 7, 2023 · e405d6d · e405d6d
2 parents 3420a39 + dd7974a
commit e405d6d
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 1 deletion.
diff --git a/src/java/com/wolfssl/provider/jsse/WolfSSLKeyX509.java b/src/java/com/wolfssl/provider/jsse/WolfSSLKeyX509.java
@@ -201,7 +201,7 @@ public X509Certificate[] getCertificateChain(String alias) {
         WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
             "entered getCertificateChain(), alias: " + alias);
 
-        if (store == null) {
+        if (store == null || alias == null) {
             return null;
         }
 

diff --git a/src/test/com/wolfssl/provider/jsse/test/WolfSSLKeyX509Test.java b/src/test/com/wolfssl/provider/jsse/test/WolfSSLKeyX509Test.java
@@ -88,6 +88,15 @@ public void testgetClientAliases() {
             fail("unexpected number of alias found");
         }
 
+        /* Try getting chain with null alias, should return null */
+        chain = km.getCertificateChain(null);
+        if (chain != null) {
+            error("\t... failed");
+            fail("did not return null chain with null alias");
+            return;
+        }
+
+        /* Try getting chain with client alias */
         chain = km.getCertificateChain("client");
         if (chain == null || chain.length < 1) {
             error("\t... failed");