diff options
author | Ingela Anderton Andin <[email protected]> | 2016-06-07 14:45:12 +0200 |
---|---|---|
committer | Ingela Anderton Andin <[email protected]> | 2016-06-07 14:45:12 +0200 |
commit | a39395d4f99aff99ac57ab40a3191fa13a7371fd (patch) | |
tree | 3ed4fd93a0b26b6e18d475de45e153353978c0a7 | |
parent | ce9aa5ad1737ca1583e0c8bd6abea3099016a4a1 (diff) | |
parent | 74e55d771666fc5a369f62ebf695fbd040aff997 (diff) | |
download | otp-a39395d4f99aff99ac57ab40a3191fa13a7371fd.tar.gz otp-a39395d4f99aff99ac57ab40a3191fa13a7371fd.tar.bz2 otp-a39395d4f99aff99ac57ab40a3191fa13a7371fd.zip |
Merge branch 'ingela/ssl/unexpected-client-cert/OTP-13651'
* ingela/ssl/unexpected-client-cert/OTP-13651:
ssl: Reject unrequested client cert
-rw-r--r-- | lib/ssl/src/ssl_connection.erl | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/lib/ssl/src/ssl_connection.erl b/lib/ssl/src/ssl_connection.erl index b45c5c8fc6..90e0810241 100644 --- a/lib/ssl/src/ssl_connection.erl +++ b/lib/ssl/src/ssl_connection.erl @@ -465,6 +465,14 @@ certify(internal, #certificate{asn1_certificates = []}, Connection:next_record(State0#state{client_certificate_requested = false}), Connection:next_event(certify, Record, State); +certify(internal, #certificate{}, + #state{role = server, + negotiated_version = Version, + ssl_options = #ssl_options{verify = verify_none}} = + State, Connection) -> + Alert = ?ALERT_REC(?FATAL,?UNEXPECTED_MESSAGE, unrequested_certificate), + Connection:handle_own_alert(Alert, Version, certify, State); + certify(internal, #certificate{} = Cert, #state{negotiated_version = Version, role = Role, |