aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorIngela Anderton Andin <[email protected]>2010-07-07 14:45:02 +0200
committerIngela Anderton Andin <[email protected]>2010-07-07 14:45:02 +0200
commit299e223038502d4b1a7faaea096ca6efc88b5d9e (patch)
tree4b3f5c91644e755a9a1ba4e8c581c0b1d9254efe
parentc752a4ea65c744ac283cc277717f8defa15ae610 (diff)
parentdc67a89b7eccc8df60063c7c56aa26f8b1ef30ad (diff)
downloadotp-299e223038502d4b1a7faaea096ca6efc88b5d9e.tar.gz
otp-299e223038502d4b1a7faaea096ca6efc88b5d9e.tar.bz2
otp-299e223038502d4b1a7faaea096ca6efc88b5d9e.zip
Merge branch 'ia/ssl/dsa_client_cert/OTP-8721' into dev
-rw-r--r--lib/ssl/src/ssl_handshake.erl12
-rw-r--r--lib/ssl/test/ssl_test_lib.erl4
-rw-r--r--lib/ssl/test/ssl_to_openssl_SUITE.erl4
-rw-r--r--lib/ssl/vsn.mk10
4 files changed, 21 insertions, 9 deletions
diff --git a/lib/ssl/src/ssl_handshake.erl b/lib/ssl/src/ssl_handshake.erl
index 3811906d77..fcc30f6137 100644
--- a/lib/ssl/src/ssl_handshake.erl
+++ b/lib/ssl/src/ssl_handshake.erl
@@ -304,9 +304,15 @@ certificate_verify(Signature, {_, PublicKey, _}, Version,
end;
certificate_verify(Signature, {_, PublicKey, PublicKeyParams}, Version,
MasterSecret, dhe_dss = Algorithm, {_, Hashes0}) ->
- Hashes = calc_certificate_verify(Version, MasterSecret,
- Algorithm, Hashes0),
- public_key:verify_signature(Hashes, sha, Signature, PublicKey, PublicKeyParams).
+ Hashes = calc_certificate_verify(Version, MasterSecret,
+ Algorithm, Hashes0),
+ case public_key:verify_signature(Hashes, none, Signature, PublicKey, PublicKeyParams) of
+ true ->
+ valid;
+ false ->
+ ?ALERT_REC(?FATAL, ?BAD_CERTIFICATE)
+ end.
+
%%--------------------------------------------------------------------
-spec certificate_request(#connection_states{}, certdb_ref()) ->
diff --git a/lib/ssl/test/ssl_test_lib.erl b/lib/ssl/test/ssl_test_lib.erl
index 40715dbf30..dd0818827a 100644
--- a/lib/ssl/test/ssl_test_lib.erl
+++ b/lib/ssl/test/ssl_test_lib.erl
@@ -325,6 +325,10 @@ make_dsa_cert(Config) ->
[{server_dsa_opts, [{ssl_imp, new},{reuseaddr, true},
{cacertfile, ServerCaCertFile},
{certfile, ServerCertFile}, {keyfile, ServerKeyFile}]},
+ {server_dsa_verify_opts, [{ssl_imp, new},{reuseaddr, true},
+ {cacertfile, ServerCaCertFile},
+ {certfile, ServerCertFile}, {keyfile, ServerKeyFile},
+ {verify, verify_peer}]},
{client_dsa_opts, [{ssl_imp, new},{reuseaddr, true},
{cacertfile, ClientCaCertFile},
{certfile, ClientCertFile}, {keyfile, ClientKeyFile}]}
diff --git a/lib/ssl/test/ssl_to_openssl_SUITE.erl b/lib/ssl/test/ssl_to_openssl_SUITE.erl
index d2a4ca8db5..75cfce0052 100644
--- a/lib/ssl/test/ssl_to_openssl_SUITE.erl
+++ b/lib/ssl/test/ssl_to_openssl_SUITE.erl
@@ -309,7 +309,7 @@ tls1_erlang_server_openssl_client_dsa_cert(suite) ->
tls1_erlang_server_openssl_client_dsa_cert(Config) when is_list(Config) ->
process_flag(trap_exit, true),
ClientOpts = ?config(client_dsa_opts, Config),
- ServerOpts = ?config(server_dsa_opts, Config),
+ ServerOpts = ?config(server_dsa_verify_opts, Config),
{_, ServerNode, _} = ssl_test_lib:run_where(Config),
@@ -398,7 +398,7 @@ ssl3_erlang_server_openssl_client_dsa_cert(suite) ->
ssl3_erlang_server_openssl_client_dsa_cert(Config) when is_list(Config) ->
process_flag(trap_exit, true),
ClientOpts = ?config(client_dsa_opts, Config),
- ServerOpts = ?config(server_dsa_opts, Config),
+ ServerOpts = ?config(server_dsa_verify_opts, Config),
{_, ServerNode, _} = ssl_test_lib:run_where(Config),
diff --git a/lib/ssl/vsn.mk b/lib/ssl/vsn.mk
index 74b1cf4c78..254ee8b986 100644
--- a/lib/ssl/vsn.mk
+++ b/lib/ssl/vsn.mk
@@ -17,12 +17,14 @@
# %CopyrightEnd%
#
-SSL_VSN = 4.0
+SSL_VSN = 4.0.1
-TICKETS = OTP-8587\
- OTP-8695
+TICKETS = OTP-8721
-#TICKETS = OTP-8679 \
+#TICKETS_4.0 = OTP-8587\
+# OTP-8695
+
+#TICKETS_3.11.1 = OTP-8679 \
# OTP-7047 \
# OTP-7049 \
# OTP-8568 \