authorRory Byrne <rory@jinsky.com>2010-04-05 16:23:36 +0100
committerRory Byrne <rory@jinsky.com>2010-04-05 17:57:38 +0100
commit16dafd19b34d1b458cf68857f65c7d3c77d6f291 (patch)
treeef5ac78d384207a5d3164fb5a5cc2bb2a720cc88 /lib/ssl/src
parentc75443977b2957c8f0d35b0765c5a8b8859315f2 (diff)
Fix verification of ssl client when fail_if_no_peer_cert
The SSL handshake fails when an ssl server is configured with the 'fail_if_no_peer_cert' option and a valid client sends its certificate as instructed. On the server-side ssl:ssl_accept/2 will return {error,esslerrssl}, and it will send an "Unexpected Message" SSL Alert (type 10) to the client.
Diffstat (limited to 'lib/ssl/src')
-rw-r--r--lib/ssl/src/ssl_connection.erl3
1 files changed, 2 insertions, 1 deletions
diff --git a/lib/ssl/src/ssl_connection.erl b/lib/ssl/src/ssl_connection.erl
index 4ec90600e9..defcfa31bd 100644
--- a/lib/ssl/src/ssl_connection.erl
+++ b/lib/ssl/src/ssl_connection.erl
@@ -441,7 +441,8 @@ certify(#certificate{} = Cert,
Opts#ssl_options.verify,
Opts#ssl_options.verify_fun) of
{PeerCert, PublicKeyInfo} ->
- handle_peer_cert(PeerCert, PublicKeyInfo, State);
+ State1 = State#state{client_certificate_requested = false},
+ handle_peer_cert(PeerCert, PublicKeyInfo, State1);
#alert{} = Alert ->
handle_own_alert(Alert, Version, certify_certificate, State),
{stop, normal, State}
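Review bot: Setting `client_certificate_requested = false` in the `{PeerCert, PublicKeyInfo}` branch reuses a "was requested" flag to mean "has been received", and the hunk does not show whether later handshake clauses still rely on that flag to require the client's CertificateVerify. If any of them do, a peer could have its certificate accepted without proving possession of the matching private key. That path is outside the hunk, as are the start and end of `certify`, so it should be confirmed and covered by a regression test for `fail_if_no_peer_cert` with a valid client certificate. The reset also needs a why-comment, for example `%% Peer certificate received and validated; clear the request flag so the rest of the handshake is not rejected as unexpected`. A separate state field for "certificate received" would make the intent clearer than overloading this one.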