aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/src
diff options
context:
space:
mode:
authorIngela Anderton Andin <[email protected]>2010-06-29 09:22:10 +0200
committerIngela Anderton Andin <[email protected]>2010-06-29 11:31:38 +0200
commitba903abd7e863f5a29ff4ab0d7a33547b0361de0 (patch)
treed4fe1d231466227267d0e9652c804cb7aee15303 /lib/ssl/src
parent5ef0b06ddbaa48499394c30d56fc81e7162abf50 (diff)
downloadotp-ba903abd7e863f5a29ff4ab0d7a33547b0361de0.tar.gz
otp-ba903abd7e863f5a29ff4ab0d7a33547b0361de0.tar.bz2
otp-ba903abd7e863f5a29ff4ab0d7a33547b0361de0.zip
The server now verifies the client certificate verify message correctly, instead of causing a case-clause.
Diffstat (limited to 'lib/ssl/src')
-rw-r--r--lib/ssl/src/ssl_handshake.erl12
1 files changed, 9 insertions, 3 deletions
diff --git a/lib/ssl/src/ssl_handshake.erl b/lib/ssl/src/ssl_handshake.erl
index 3811906d77..fcc30f6137 100644
--- a/lib/ssl/src/ssl_handshake.erl
+++ b/lib/ssl/src/ssl_handshake.erl
@@ -304,9 +304,15 @@ certificate_verify(Signature, {_, PublicKey, _}, Version,
end;
certificate_verify(Signature, {_, PublicKey, PublicKeyParams}, Version,
MasterSecret, dhe_dss = Algorithm, {_, Hashes0}) ->
- Hashes = calc_certificate_verify(Version, MasterSecret,
- Algorithm, Hashes0),
- public_key:verify_signature(Hashes, sha, Signature, PublicKey, PublicKeyParams).
+ Hashes = calc_certificate_verify(Version, MasterSecret,
+ Algorithm, Hashes0),
+ case public_key:verify_signature(Hashes, none, Signature, PublicKey, PublicKeyParams) of
+ true ->
+ valid;
+ false ->
+ ?ALERT_REC(?FATAL, ?BAD_CERTIFICATE)
+ end.
+
%%--------------------------------------------------------------------
-spec certificate_request(#connection_states{}, certdb_ref()) ->
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-05 12:49:20 +0000