authorLukas Larsson <[email protected]>2012-08-27 11:43:23 +0200
committerLukas Larsson <[email protected]>2012-08-27 11:43:23 +0200
commit77c3d2b24c4b447d9e93e458080bd575e6364eab (patch)
tree3a0321b9310ab858949f344879f6343edc91605a /lib/ssl/src/ssl_handshake.erl
parent7f68805f5c07abeb887d5634706ebca3b8747e79 (diff)
parentc44761ce22e76d9d07241ea5942e4b7e2c7aeb28 (diff)
Merge branch 'maint'
* maint: Bumped version nr ssl & public_key: Workaround that some certificates encode countryname as utf8 and close down gracefully if other ASN-1 errors occur. Add more cross reference links to ct docs Remove config option from common_test args Update user config to use nested tuple keys Allow mixed IPv4 and IPv6 addresses to sctp_bindx Add checks for in6addr_any and in6addr_loopback Fix SCTP multihoming observer: fix app file (Noticed-by: Motiejus Jakstys) Fix lib/src/test/ssh_basic_SUITE.erl to fix IPv6 option typos Prevent index from being corrupted if a nonexistent item is deleted Add tests showing that trying to delete non-existing object may corrupt the table index Fix Table Viewer search crash on new|changed|deleted rows Escape control characters in Table Viewer Fix Table Viewer crash after a 'Found' -> 'Not found' search sequence inet_drv.c: Set sockaddr lengths in inet_set_[f]address Conflicts: erts/preloaded/ebin/prim_inet.beam
Diffstat (limited to 'lib/ssl/src/ssl_handshake.erl')
-rw-r--r--lib/ssl/src/ssl_handshake.erl29
1 files changed, 17 insertions, 12 deletions
diff --git a/lib/ssl/src/ssl_handshake.erl b/lib/ssl/src/ssl_handshake.erl
index 28469dfa5f..bb26302fff 100644
--- a/lib/ssl/src/ssl_handshake.erl
+++ b/lib/ssl/src/ssl_handshake.erl
@@ -220,18 +220,23 @@ certify(#certificate{asn1_certificates = ASN1Certs}, CertDbHandle, CertDbRef,
end, {Role, UserState0}}
end,
- {TrustedErlCert, CertPath} =
- ssl_certificate:trusted_cert_and_path(ASN1Certs, CertDbHandle, CertDbRef),
-
- case public_key:pkix_path_validation(TrustedErlCert,
- CertPath,
- [{max_path_length,
- MaxPathLen},
- {verify_fun, ValidationFunAndState}]) of
- {ok, {PublicKeyInfo,_}} ->
- {PeerCert, PublicKeyInfo};
- {error, Reason} ->
- path_validation_alert(Reason)
+ try
+ {TrustedErlCert, CertPath} =
+ ssl_certificate:trusted_cert_and_path(ASN1Certs, CertDbHandle, CertDbRef),
+ case public_key:pkix_path_validation(TrustedErlCert,
+ CertPath,
+ [{max_path_length,
+ MaxPathLen},
+ {verify_fun, ValidationFunAndState}]) of
+ {ok, {PublicKeyInfo,_}} ->
+ {PeerCert, PublicKeyInfo};
+ {error, Reason} ->
+ path_validation_alert(Reason)
+ end
+ catch
+ error:_ ->
+ %% ASN-1 decode of certificate somehow failed
+ ?ALERT_REC(?FATAL, ?CERTIFICATE_UNKNOWN)
end.
%%--------------------------------------------------------------------
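Review bot: The new `catch error:_` clause protects the whole `try` body, not just certificate decoding: the `verify_fun` handed to `public_key:pkix_path_validation/3` and the call to `path_validation_alert(Reason)` both run inside it, so any error-class exception raised there is also answered with `?CERTIFICATE_UNKNOWN` while the comment attributes it to ASN-1. Failing closed with a fatal alert is the right outcome, but the reason is discarded, so a malformed peer certificate cannot be told apart from a bug in the validation callback when a failed handshake is investigated. I would bind the reason under a fresh name, `error:DecodeReason ->`, and record it before returning the alert, and move the `{ok, ...}` / `{error, Reason}` clauses into an `of` section so that only the two calls are protected. The comment could then read `%% Any error raised while building or validating the path (ASN-1 decode failures included) is reported as certificate_unknown`. The body of `certify` starts before this hunk, so where `PeerCert` and `ValidationFunAndState` are bound is not visible here.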