aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorIngela Anderton Andin <[email protected]>2016-06-07 14:45:12 +0200
committerIngela Anderton Andin <[email protected]>2016-06-07 14:45:12 +0200
commita39395d4f99aff99ac57ab40a3191fa13a7371fd (patch)
tree3ed4fd93a0b26b6e18d475de45e153353978c0a7
parentce9aa5ad1737ca1583e0c8bd6abea3099016a4a1 (diff)
parent74e55d771666fc5a369f62ebf695fbd040aff997 (diff)
downloadotp-a39395d4f99aff99ac57ab40a3191fa13a7371fd.tar.gz
otp-a39395d4f99aff99ac57ab40a3191fa13a7371fd.tar.bz2
otp-a39395d4f99aff99ac57ab40a3191fa13a7371fd.zip
Merge branch 'ingela/ssl/unexpected-client-cert/OTP-13651'
* ingela/ssl/unexpected-client-cert/OTP-13651: ssl: Reject unrequested client cert
-rw-r--r--lib/ssl/src/ssl_connection.erl8
1 files changed, 8 insertions, 0 deletions
diff --git a/lib/ssl/src/ssl_connection.erl b/lib/ssl/src/ssl_connection.erl
index b45c5c8fc6..90e0810241 100644
--- a/lib/ssl/src/ssl_connection.erl
+++ b/lib/ssl/src/ssl_connection.erl
@@ -465,6 +465,14 @@ certify(internal, #certificate{asn1_certificates = []},
Connection:next_record(State0#state{client_certificate_requested = false}),
Connection:next_event(certify, Record, State);
+certify(internal, #certificate{},
+ #state{role = server,
+ negotiated_version = Version,
+ ssl_options = #ssl_options{verify = verify_none}} =
+ State, Connection) ->
+ Alert = ?ALERT_REC(?FATAL,?UNEXPECTED_MESSAGE, unrequested_certificate),
+ Connection:handle_own_alert(Alert, Version, certify, State);
+
certify(internal, #certificate{} = Cert,
#state{negotiated_version = Version,
role = Role,