[fix] prepend leaf cert to extra_chain_cert (#181)

OpenSSL's ssl_add_cert_chain sends the leaf cert (cpk->x509) first,
then iterates extra_certs. JRuby's KeyManagerImpl.getCertificateChain
was returning only the extra_chain_cert list without the leaf, causing
failures when the server couldn't find the client certificate.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: kares

src/main/java/org/jruby/ext/openssl/SSLContext.java

@@ -1137,7 +1137,12 @@ public java.security.cert.X509Certificate[] getCertificateChain(String alias) {
             final List<java.security.cert.X509Certificate> chain;
 
             if ( internalContext.extraChainCert != null ) {
-                chain = (List) internalContext.extraChainCert;
+                // C OpenSSL (ssl_add_cert_chain) sends the leaf cert first,
+                // then iterates extra_certs. JSSE's getCertificateChain must
+                // return the full chain starting with the leaf.
+                chain = new ArrayList<>(internalContext.extraChainCert.size() + 1);
+                if ( internalContext.cert != null ) chain.add(internalContext.cert);
+                chain.addAll(internalContext.extraChainCert);
             }
             else if ( internalContext.cert != null ) {
                 chain = new ArrayList<>(8);

src/test/ruby/ssl/test_ssl.rb

@@ -347,6 +347,49 @@ def test_verify_hostname_failure_error_code_via_callback
     end
   end
 
+  # GH-181: extra_chain_cert must include the leaf cert when sent over the wire.
+  # C OpenSSL's ssl_add_cert_chain sends cpk->x509 first, then extra_certs.
+  def test_extra_chain_cert_sends_leaf
+    # Create CA -> Intermediate -> Leaf
+    now = Time.now
+    int_key = OpenSSL::PKey::RSA.new(2048)
+    int_cert = issue_cert(
+      OpenSSL::X509::Name.parse("/CN=Intermediate"), int_key, 10,
+      [["basicConstraints","CA:TRUE",true],["keyUsage","cRLSign,keyCertSign",true]],
+      @ca_cert, @ca_key, not_before: now, not_after: now + 3600)
+    leaf_key = OpenSSL::PKey::RSA.new(2048)
+    leaf_cert = issue_cert(
+      OpenSSL::X509::Name.parse("/CN=Leaf"), leaf_key, 11,
+      [["keyUsage","keyEncipherment,digitalSignature",true]],
+      int_cert, int_key, not_before: now, not_after: now + 1800)
+
+    # Server trusts CA and verifies client certs
+    ctx_proc = Proc.new do |ctx|
+      ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER
+      ctx.cert_store = OpenSSL::X509::Store.new
+      ctx.cert_store.add_cert(@ca_cert)
+    end
+
+    server_proc = Proc.new do |sctx, ssl|
+      # Server should see the leaf as peer_cert
+      assert_equal "/CN=Leaf", ssl.peer_cert.subject.to_s
+      readwrite_loop(sctx, ssl)
+    end
+
+    start_server(OpenSSL::SSL::VERIFY_NONE, true,
+                 ctx_proc: ctx_proc, server_proc: server_proc) do |server, port|
+      cctx = OpenSSL::SSL::SSLContext.new
+      cctx.cert = leaf_cert
+      cctx.key = leaf_key
+      cctx.extra_chain_cert = [int_cert]
+      cctx.verify_mode = OpenSSL::SSL::VERIFY_NONE
+      server_connect(port, cctx) do |ssl|
+        ssl.puts "hello"
+        assert_equal "hello\n", ssl.gets
+      end
+    end
+  end
+
   def test_post_connect_check_with_anon_ciphers
     unless OpenSSL::ExtConfig::TLS_DH_anon_WITH_AES_256_GCM_SHA384
       return skip('OpenSSL::ExtConfig::TLS_DH_anon_WITH_AES_256_GCM_SHA384 not enabled')