diff options
| author | Péter Dimitrov <[email protected]> | 2019-01-21 15:59:02 +0100 |
|---|---|---|
| committer | Péter Dimitrov <[email protected]> | 2019-01-28 09:39:47 +0100 |
| commit | cf7cfd600cec515d464b113013e4554e55a8dc11 (patch) | |
| tree | d2bb4fad7b9322e970cb84240960b2e8da6d3e00 /lib | |
| parent | 51ac471d5bf861a0052543d9b8689f9b0d50ffc9 (diff) | |
| download | otp-cf7cfd600cec515d464b113013e4554e55a8dc11.tar.gz otp-cf7cfd600cec515d464b113013e4554e55a8dc11.tar.bz2 otp-cf7cfd600cec515d464b113013e4554e55a8dc11.zip | |
ssl: Fix encoding of the Certificate message
Fix encoding of extensions in CertificateEntries.
Change-Id: I776a2210d2aa51cde3be5e0bc87d9beb8d63825c
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/ssl/src/tls_handshake_1_3.erl | 25 |
1 files changed, 23 insertions, 2 deletions
diff --git a/lib/ssl/src/tls_handshake_1_3.erl b/lib/ssl/src/tls_handshake_1_3.erl index ec3ec2214c..8dc5e86971 100644 --- a/lib/ssl/src/tls_handshake_1_3.erl +++ b/lib/ssl/src/tls_handshake_1_3.erl @@ -75,6 +75,28 @@ encrypted_extensions() -> }. %% TODO: use maybe monad for error handling! +%% enum { +%% X509(0), +%% RawPublicKey(2), +%% (255) +%% } CertificateType; +%% +%% struct { +%% select (certificate_type) { +%% case RawPublicKey: +%% /* From RFC 7250 ASN.1_subjectPublicKeyInfo */ +%% opaque ASN1_subjectPublicKeyInfo<1..2^24-1>; +%% +%% case X509: +%% opaque cert_data<1..2^24-1>; +%% }; +%% Extension extensions<0..2^16-1>; +%% } CertificateEntry; +%% +%% struct { +%% opaque certificate_request_context<0..2^8-1>; +%% CertificateEntry certificate_list<0..2^24-1>; +%% } Certificate; certificate(OwnCert, CertDbHandle, CertDbRef, _CRContext, server) -> case ssl_certificate:certificate_chain(OwnCert, CertDbHandle, CertDbRef) of {ok, _, Chain} -> @@ -222,9 +244,8 @@ encode_cert_entries([#certificate_entry{data = Data, extensions = Exts} | Rest], Acc) -> DSize = byte_size(Data), BinExts = encode_extensions(Exts), - ExtSize = byte_size(BinExts), encode_cert_entries(Rest, - [<<?UINT24(DSize), Data/binary, ?UINT16(ExtSize), BinExts/binary>> | Acc]). + [<<?UINT24(DSize), Data/binary, BinExts/binary>> | Acc]). encode_algorithm(Algo) -> Scheme = ssl_cipher:signature_scheme(Algo), |