According to http://java.sun.com/j2se/1.4.2/docs/api/javax/net/ssl/SSLSocket.html, SSLSocket.getSession() should set up a session and do an implicit handshake; however that does not appear to be the case with libgcj 4.1.1-30 of Fedora Core 6 (I assume that's classpath 0.92).
Trying to read certificates after an initial getSession() without an explicit handshake results in a "peer not verified" and if I understand the code correctly, no handshake is attempted under the hood. This does not happen with any other crypto implementations that I'm aware of - instead, the documented implicit handshake is done.
Created attachment 12538 [details]
Reproducer code sample
This code should print the first certificate from the savannah.gnu.org SSL cerificate chain. It does so with Sun's JVM, but with libgcj/classpath it fails with:
Exception in thread "main" javax.net.ssl.SSLPeerUnverifiedException: peer not verified
Confirmed; I'm certain that we don't implement this behavior.
I think this should be relatively easy to implement this. I'll take a look when I get a moment.