diff options
author | Ingela Anderton Andin <[email protected]> | 2010-06-29 09:22:10 +0200 |
---|---|---|
committer | Ingela Anderton Andin <[email protected]> | 2010-06-29 11:31:38 +0200 |
commit | ba903abd7e863f5a29ff4ab0d7a33547b0361de0 (patch) | |
tree | d4fe1d231466227267d0e9652c804cb7aee15303 /lib/ssl/src/ssl_handshake.erl | |
parent | 5ef0b06ddbaa48499394c30d56fc81e7162abf50 (diff) | |
download | otp-ba903abd7e863f5a29ff4ab0d7a33547b0361de0.tar.gz otp-ba903abd7e863f5a29ff4ab0d7a33547b0361de0.tar.bz2 otp-ba903abd7e863f5a29ff4ab0d7a33547b0361de0.zip |
The server now verifies the client certificate verify message correctly, instead of causing a case-clause.
Diffstat (limited to 'lib/ssl/src/ssl_handshake.erl')
-rw-r--r-- | lib/ssl/src/ssl_handshake.erl | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/lib/ssl/src/ssl_handshake.erl b/lib/ssl/src/ssl_handshake.erl index 3811906d77..fcc30f6137 100644 --- a/lib/ssl/src/ssl_handshake.erl +++ b/lib/ssl/src/ssl_handshake.erl @@ -304,9 +304,15 @@ certificate_verify(Signature, {_, PublicKey, _}, Version, end; certificate_verify(Signature, {_, PublicKey, PublicKeyParams}, Version, MasterSecret, dhe_dss = Algorithm, {_, Hashes0}) -> - Hashes = calc_certificate_verify(Version, MasterSecret, - Algorithm, Hashes0), - public_key:verify_signature(Hashes, sha, Signature, PublicKey, PublicKeyParams). + Hashes = calc_certificate_verify(Version, MasterSecret, + Algorithm, Hashes0), + case public_key:verify_signature(Hashes, none, Signature, PublicKey, PublicKeyParams) of + true -> + valid; + false -> + ?ALERT_REC(?FATAL, ?BAD_CERTIFICATE) + end. + %%-------------------------------------------------------------------- -spec certificate_request(#connection_states{}, certdb_ref()) -> |