diff options
author | Ingela Anderton Andin <[email protected]> | 2018-04-26 16:58:28 +0200 |
---|---|---|
committer | Ingela Anderton Andin <[email protected]> | 2018-04-26 16:58:28 +0200 |
commit | a80c4ea05450b429b9f9d12800f3a742fc69d19f (patch) | |
tree | e755081ecd509134a23aa1e876c61b3620932632 /lib/ssl/src/ssl_connection.erl | |
parent | 381ab6129998cbd43216eaafabf7cef78c879c5d (diff) | |
download | otp-a80c4ea05450b429b9f9d12800f3a742fc69d19f.tar.gz otp-a80c4ea05450b429b9f9d12800f3a742fc69d19f.tar.bz2 otp-a80c4ea05450b429b9f9d12800f3a742fc69d19f.zip |
ssl: Proper handling of clients that choose to send an empty
answer to a certificate request
Solves ERL-599
Diffstat (limited to 'lib/ssl/src/ssl_connection.erl')
-rw-r--r-- | lib/ssl/src/ssl_connection.erl | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/lib/ssl/src/ssl_connection.erl b/lib/ssl/src/ssl_connection.erl index f816979b9f..3f8c1f97f9 100644 --- a/lib/ssl/src/ssl_connection.erl +++ b/lib/ssl/src/ssl_connection.erl @@ -827,6 +827,14 @@ certify(internal, #certificate_request{}, Alg == srp_dss; Alg == srp_rsa; Alg == srp_anon -> handle_own_alert(?ALERT_REC(?FATAL, ?HANDSHAKE_FAILURE), Version, ?FUNCTION_NAME, State); +certify(internal, #certificate_request{}, + #state{session = #session{own_certificate = undefined}, + role = client} = State0, Connection) -> + %% The client does not have a certificate and will send an empty reply, the server may fail + %% or accept the connection by its own preference. No signature algorihms needed as there is + %% no certificate to verify. + {Record, State} = Connection:next_record(State0), + Connection:next_event(?FUNCTION_NAME, Record, State#state{client_certificate_requested = true}); certify(internal, #certificate_request{} = CertRequest, #state{session = #session{own_certificate = Cert}, role = client, |