diff options
author | Ingela Anderton Andin <[email protected]> | 2010-10-19 09:29:02 +0200 |
---|---|---|
committer | Björn Gustavsson <[email protected]> | 2010-10-20 10:26:02 +0200 |
commit | 4d24ae9a4d4b96a3791eb3def2c672d7ec644c8c (patch) | |
tree | 03550d1419dd581282a374dcbe9bc98272ec168a /lib/ssl/src/ssl_ssl3.erl | |
parent | c09fa792fad151f43cd3fa3d998b666a91badc5e (diff) | |
download | otp-4d24ae9a4d4b96a3791eb3def2c672d7ec644c8c.tar.gz otp-4d24ae9a4d4b96a3791eb3def2c672d7ec644c8c.tar.bz2 otp-4d24ae9a4d4b96a3791eb3def2c672d7ec644c8c.zip |
Correct handling of client certificate verify message
When checking the client certificate verify message the server used
the wrong algorithm identifier to determine the signing algorithm,
causing a function clause error in the public_key application when the
key-exchange algorithm and the public key algorithm of the client
certificate happen to differ.
Diffstat (limited to 'lib/ssl/src/ssl_ssl3.erl')
-rw-r--r-- | lib/ssl/src/ssl_ssl3.erl | 7 |
1 files changed, 3 insertions, 4 deletions
diff --git a/lib/ssl/src/ssl_ssl3.erl b/lib/ssl/src/ssl_ssl3.erl index 1add203fb0..f3cb6ad66e 100644 --- a/lib/ssl/src/ssl_ssl3.erl +++ b/lib/ssl/src/ssl_ssl3.erl @@ -79,10 +79,9 @@ finished(Role, MasterSecret, {MD5Hash, SHAHash}) -> SHA = handshake_hash(?SHA, MasterSecret, Sender, SHAHash), <<MD5/binary, SHA/binary>>. --spec certificate_verify(key_algo(), binary(), {binary(), binary()}) -> binary(). +-spec certificate_verify(OID::tuple(), binary(), {binary(), binary()}) -> binary(). -certificate_verify(Algorithm, MasterSecret, {MD5Hash, SHAHash}) - when Algorithm == rsa; Algorithm == dhe_rsa -> +certificate_verify(?'rsaEncryption', MasterSecret, {MD5Hash, SHAHash}) -> %% md5_hash %% MD5(master_secret + pad_2 + %% MD5(handshake_messages + master_secret + pad_1)); @@ -94,7 +93,7 @@ certificate_verify(Algorithm, MasterSecret, {MD5Hash, SHAHash}) SHA = handshake_hash(?SHA, MasterSecret, undefined, SHAHash), <<MD5/binary, SHA/binary>>; -certificate_verify(dhe_dss, MasterSecret, {_, SHAHash}) -> +certificate_verify(?'id-dsa', MasterSecret, {_, SHAHash}) -> %% sha_hash %% SHA(master_secret + pad_2 + %% SHA(handshake_messages + master_secret + pad_1)); |