diff options
author | Ingela Anderton Andin <[email protected]> | 2016-06-03 17:21:18 +0200 |
---|---|---|
committer | Ingela Anderton Andin <[email protected]> | 2016-06-03 17:21:18 +0200 |
commit | 74e55d771666fc5a369f62ebf695fbd040aff997 (patch) | |
tree | b8dfbf386aed4cb0acdfa58bc9726fd09bffe7ed /lib/ssl/src/ssl_connection.erl | |
parent | d26c15e07229c90ba8353bd78d5406ada0f13271 (diff) | |
download | otp-74e55d771666fc5a369f62ebf695fbd040aff997.tar.gz otp-74e55d771666fc5a369f62ebf695fbd040aff997.tar.bz2 otp-74e55d771666fc5a369f62ebf695fbd040aff997.zip |
ssl: Reject unrequested client cert
Diffstat (limited to 'lib/ssl/src/ssl_connection.erl')
-rw-r--r-- | lib/ssl/src/ssl_connection.erl | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/lib/ssl/src/ssl_connection.erl b/lib/ssl/src/ssl_connection.erl index b45c5c8fc6..90e0810241 100644 --- a/lib/ssl/src/ssl_connection.erl +++ b/lib/ssl/src/ssl_connection.erl @@ -465,6 +465,14 @@ certify(internal, #certificate{asn1_certificates = []}, Connection:next_record(State0#state{client_certificate_requested = false}), Connection:next_event(certify, Record, State); +certify(internal, #certificate{}, + #state{role = server, + negotiated_version = Version, + ssl_options = #ssl_options{verify = verify_none}} = + State, Connection) -> + Alert = ?ALERT_REC(?FATAL,?UNEXPECTED_MESSAGE, unrequested_certificate), + Connection:handle_own_alert(Alert, Version, certify, State); + certify(internal, #certificate{} = Cert, #state{negotiated_version = Version, role = Role, |