diff options
author | Rory Byrne <rory@jinsky.com> | 2010-04-05 16:23:36 +0100 |
---|---|---|
committer | Rory Byrne <rory@jinsky.com> | 2010-04-05 17:57:38 +0100 |
commit | 16dafd19b34d1b458cf68857f65c7d3c77d6f291 (patch) | |
tree | ef5ac78d384207a5d3164fb5a5cc2bb2a720cc88 /lib/ssl/src | |
parent | c75443977b2957c8f0d35b0765c5a8b8859315f2 (diff) | |
download | otp-16dafd19b34d1b458cf68857f65c7d3c77d6f291.tar.gz otp-16dafd19b34d1b458cf68857f65c7d3c77d6f291.tar.bz2 otp-16dafd19b34d1b458cf68857f65c7d3c77d6f291.zip |
Fix verification of ssl client when fail_if_no_peer_cert
The SSL handshake fails when an ssl server is configured with the
'fail_if_no_peer_cert' option and a valid client sends its certificate
as instructed. On the server-side ssl:ssl_accept/2 will return
{error,esslerrssl}, and it will send an "Unexpected Message" SSL Alert
(type 10) to the client.
Diffstat (limited to 'lib/ssl/src')
-rw-r--r-- | lib/ssl/src/ssl_connection.erl | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/lib/ssl/src/ssl_connection.erl b/lib/ssl/src/ssl_connection.erl index 4ec90600e9..defcfa31bd 100644 --- a/lib/ssl/src/ssl_connection.erl +++ b/lib/ssl/src/ssl_connection.erl @@ -441,7 +441,8 @@ certify(#certificate{} = Cert, Opts#ssl_options.verify, Opts#ssl_options.verify_fun) of {PeerCert, PublicKeyInfo} -> - handle_peer_cert(PeerCert, PublicKeyInfo, State); + State1 = State#state{client_certificate_requested = false}, + handle_peer_cert(PeerCert, PublicKeyInfo, State1); #alert{} = Alert -> handle_own_alert(Alert, Version, certify_certificate, State), {stop, normal, State} |