author | Ingela Anderton Andin <ingela@erlang.org> | 2010-09-01 08:37:37 +0200 |
---|---|---|
committer | Ingela Anderton Andin <ingela@erlang.org> | 2010-09-01 08:37:37 +0200 |
commit | 8537e5489707c8961c1a6f045f635b7a064f811c (patch) | |
tree | a74a43c10ba57dec0c03e5e42581fffa637ae140 /lib/ssl/src/ssl_handshake.erl | |
parent | d6559386aaf37419864885bcd6bf43a9af8480b7 (diff) | |
parent | a6de8740405037bad55c09089f1d69c8c5511d6c (diff) | |
Merge branch 'ia/ssl-public_key-empty-cert-chain/OTP-8788' into dev
* ia/ssl-public_key-empty-cert-chain/OTP-8788:
Empty certificate chain
Diffstat (limited to 'lib/ssl/src/ssl_handshake.erl')
-rw-r--r-- | lib/ssl/src/ssl_handshake.erl | 15 |
1 files changed, 7 insertions, 8 deletions
diff --git a/lib/ssl/src/ssl_handshake.erl b/lib/ssl/src/ssl_handshake.erl
index ee725997a4..add5147fb4 100644
--- a/lib/ssl/src/ssl_handshake.erl
+++ b/lib/ssl/src/ssl_handshake.erl
@@ -203,18 +203,15 @@ certify(#certificate{asn1_certificates = ASN1Certs}, CertDbRef,
 end
 end,
 try
- %% Allow missing root_cert and check that with VerifyFun
- ssl_certificate:trusted_cert_and_path(ASN1Certs, CertDbRef, false) of
- {TrustedErlCert, CertPath, VerifyErrors} ->
+ ssl_certificate:trusted_cert_and_path(ASN1Certs, CertDbRef) of
+ {TrustedErlCert, CertPath} ->
 Result = public_key:pkix_path_validation(TrustedErlCert,
 CertPath,
 [{max_path_length,
 MaxPathLen},
 {verify, VerifyBool},
 {validate_extensions_fun,
- ValidateExtensionFun},
- {acc_errors,
- VerifyErrors}]),
+ ValidateExtensionFun}]),
 case Result of
 {error, Reason} ->
 path_validation_alert(Reason, Verify);
@@ -474,7 +471,7 @@ get_tls_handshake(Data, Buffer) ->
 get_tls_handshake_aux(list_to_binary([Buffer, Data]), []).
 %%--------------------------------------------------------------------
--spec dec_client_key(binary(), key_algo(), tls_version()) ->
+-spec decode_client_key(binary(), key_algo(), tls_version()) ->
 #encrypted_premaster_secret{} | #client_diffie_hellman_public{}.
 %%
 %% Description: Decode client_key data and return appropriate type
@@ -510,6 +507,8 @@ path_validation_alert({bad_cert, unknown_critical_extension}, _) ->
 ?ALERT_REC(?FATAL, ?UNSUPPORTED_CERTIFICATE);
 path_validation_alert({bad_cert, cert_revoked}, _) ->
 ?ALERT_REC(?FATAL, ?CERTIFICATE_REVOKED);
+path_validation_alert({bad_cert, unknown_ca}, _) ->
+ ?ALERT_REC(?FATAL, ?UNKNOWN_CA);
 path_validation_alert(_, _) ->
 ?ALERT_REC(?FATAL, ?HANDSHAKE_FAILURE).
@@ -1129,7 +1128,7 @@ sig_alg(_) ->
 key_exchange_alg(rsa) ->
 ?KEY_EXCHANGE_RSA;
 key_exchange_alg(Alg) when Alg == dhe_rsa; Alg == dhe_dss;
- Alg == dh_dss; Alg == dh_rsa; Alg == dh_anon ->
+ Alg == dh_dss; Alg == dh_rsa ->
 ?KEY_EXCHANGE_DIFFIE_HELLMAN;
 key_exchange_alg(_) ->
 ?NULL. |
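Review bot: The `try ... of` in certify now matches only `{TrustedErlCert, CertPath}`, and the comment that explained how a missing root certificate is handled was removed without a replacement. With the `false` flag and `{acc_errors, VerifyErrors}` gone, the unknown-CA decision presumably moves into `ssl_certificate:trusted_cert_and_path/2` and `public_key:pkix_path_validation/3`, neither of which is shown in this file-limited diff. A reader of certify therefore cannot tell what the first tuple element holds when no trusted root is found, or what happens when `ASN1Certs` is empty, which is the case the branch name refers to. I would add a comment above the call, for example `%% trusted_cert_and_path/2 picks the trust anchor; a missing root is reported by path validation as {bad_cert, unknown_ca}`, once that is confirmed against the callee, and cover the empty-chain handshake with a test under both verify settings. certify's body starts and ends outside the hunk.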
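Review bot: With `dh_anon` dropped from the guard in the last hunk, `key_exchange_alg(dh_anon)` now falls through to the catch-all clause and returns `?NULL` instead of failing. If any caller or cipher-suite definition can still produce `dh_anon` (not visible in this diff), the value would be encoded silently as a null key-exchange algorithm rather than rejected. A comment on the catch-all would record the intent, for example `%% dh_anon is deliberately unsupported; it maps to ?NULL like any other unknown algorithm`. It is also worth checking that no anonymous suite remains negotiable elsewhere in the application.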