aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/src/ssl_ssl3.erl
diff options
context:
space:
mode:
authorIngela Anderton Andin <[email protected]>2010-10-19 09:29:02 +0200
committerBjörn Gustavsson <[email protected]>2010-10-20 10:26:02 +0200
commit4d24ae9a4d4b96a3791eb3def2c672d7ec644c8c (patch)
tree03550d1419dd581282a374dcbe9bc98272ec168a /lib/ssl/src/ssl_ssl3.erl
parentc09fa792fad151f43cd3fa3d998b666a91badc5e (diff)
downloadotp-4d24ae9a4d4b96a3791eb3def2c672d7ec644c8c.tar.gz
otp-4d24ae9a4d4b96a3791eb3def2c672d7ec644c8c.tar.bz2
otp-4d24ae9a4d4b96a3791eb3def2c672d7ec644c8c.zip
Correct handling of client certificate verify message
When checking the client certificate verify message the server used the wrong algorithm identifier to determine the signing algorithm, causing a function clause error in the public_key application when the key-exchange algorithm and the public key algorithm of the client certificate happen to differ.
Diffstat (limited to 'lib/ssl/src/ssl_ssl3.erl')
-rw-r--r--lib/ssl/src/ssl_ssl3.erl7
1 files changed, 3 insertions, 4 deletions
diff --git a/lib/ssl/src/ssl_ssl3.erl b/lib/ssl/src/ssl_ssl3.erl
index 1add203fb0..f3cb6ad66e 100644
--- a/lib/ssl/src/ssl_ssl3.erl
+++ b/lib/ssl/src/ssl_ssl3.erl
@@ -79,10 +79,9 @@ finished(Role, MasterSecret, {MD5Hash, SHAHash}) ->
SHA = handshake_hash(?SHA, MasterSecret, Sender, SHAHash),
<<MD5/binary, SHA/binary>>.
--spec certificate_verify(key_algo(), binary(), {binary(), binary()}) -> binary().
+-spec certificate_verify(OID::tuple(), binary(), {binary(), binary()}) -> binary().
-certificate_verify(Algorithm, MasterSecret, {MD5Hash, SHAHash})
- when Algorithm == rsa; Algorithm == dhe_rsa ->
+certificate_verify(?'rsaEncryption', MasterSecret, {MD5Hash, SHAHash}) ->
%% md5_hash
%% MD5(master_secret + pad_2 +
%% MD5(handshake_messages + master_secret + pad_1));
@@ -94,7 +93,7 @@ certificate_verify(Algorithm, MasterSecret, {MD5Hash, SHAHash})
SHA = handshake_hash(?SHA, MasterSecret, undefined, SHAHash),
<<MD5/binary, SHA/binary>>;
-certificate_verify(dhe_dss, MasterSecret, {_, SHAHash}) ->
+certificate_verify(?'id-dsa', MasterSecret, {_, SHAHash}) ->
%% sha_hash
%% SHA(master_secret + pad_2 +
%% SHA(handshake_messages + master_secret + pad_1));