diff options
| author | Ingela Anderton Andin <[email protected]> | 2010-10-19 09:29:02 +0200 |
|---|---|---|
| committer | Björn Gustavsson <[email protected]> | 2010-10-20 10:26:02 +0200 |
| commit | 4d24ae9a4d4b96a3791eb3def2c672d7ec644c8c (patch) | |
| tree | 03550d1419dd581282a374dcbe9bc98272ec168a /lib/ssl/src/ssl_tls1.erl | |
| parent | c09fa792fad151f43cd3fa3d998b666a91badc5e (diff) | |
| download | otp-4d24ae9a4d4b96a3791eb3def2c672d7ec644c8c.tar.gz otp-4d24ae9a4d4b96a3791eb3def2c672d7ec644c8c.tar.bz2 otp-4d24ae9a4d4b96a3791eb3def2c672d7ec644c8c.zip | |
Correct handling of client certificate verify message
When checking the client certificate verify message the server used
the wrong algorithm identifier to determine the signing algorithm,
causing a function clause error in the public_key application when the
key-exchange algorithm and the public key algorithm of the client
certificate happen to differ.
Diffstat (limited to 'lib/ssl/src/ssl_tls1.erl')
| -rw-r--r-- | lib/ssl/src/ssl_tls1.erl | 7 |
1 files changed, 3 insertions, 4 deletions
diff --git a/lib/ssl/src/ssl_tls1.erl b/lib/ssl/src/ssl_tls1.erl index d1bc0730ba..dd66418dd8 100644 --- a/lib/ssl/src/ssl_tls1.erl +++ b/lib/ssl/src/ssl_tls1.erl @@ -60,15 +60,14 @@ finished(Role, MasterSecret, {MD5Hash, SHAHash}) -> SHA = hash_final(?SHA, SHAHash), prf(MasterSecret, finished_label(Role), [MD5, SHA], 12). --spec certificate_verify(key_algo(), {binary(), binary()}) -> binary(). +-spec certificate_verify(OID::tuple(), {binary(), binary()}) -> binary(). -certificate_verify(Algorithm, {MD5Hash, SHAHash}) when Algorithm == rsa; - Algorithm == dhe_rsa -> +certificate_verify(?'rsaEncryption', {MD5Hash, SHAHash}) -> MD5 = hash_final(?MD5, MD5Hash), SHA = hash_final(?SHA, SHAHash), <<MD5/binary, SHA/binary>>; -certificate_verify(dhe_dss, {_, SHAHash}) -> +certificate_verify(?'id-dsa', {_, SHAHash}) -> hash_final(?SHA, SHAHash). -spec setup_keys(binary(), binary(), binary(), integer(), |