aboutsummaryrefslogtreecommitdiffstats
path: root/lib
diff options
context:
space:
mode:
authorPéter Dimitrov <[email protected]>2019-01-21 15:59:02 +0100
committerPéter Dimitrov <[email protected]>2019-01-28 09:39:47 +0100
commitcf7cfd600cec515d464b113013e4554e55a8dc11 (patch)
treed2bb4fad7b9322e970cb84240960b2e8da6d3e00 /lib
parent51ac471d5bf861a0052543d9b8689f9b0d50ffc9 (diff)
downloadotp-cf7cfd600cec515d464b113013e4554e55a8dc11.tar.gz
otp-cf7cfd600cec515d464b113013e4554e55a8dc11.tar.bz2
otp-cf7cfd600cec515d464b113013e4554e55a8dc11.zip
ssl: Fix encoding of the Certificate message
Fix encoding of extensions in CertificateEntries. Change-Id: I776a2210d2aa51cde3be5e0bc87d9beb8d63825c
Diffstat (limited to 'lib')
-rw-r--r--lib/ssl/src/tls_handshake_1_3.erl25
1 files changed, 23 insertions, 2 deletions
diff --git a/lib/ssl/src/tls_handshake_1_3.erl b/lib/ssl/src/tls_handshake_1_3.erl
index ec3ec2214c..8dc5e86971 100644
--- a/lib/ssl/src/tls_handshake_1_3.erl
+++ b/lib/ssl/src/tls_handshake_1_3.erl
@@ -75,6 +75,28 @@ encrypted_extensions() ->
}.
%% TODO: use maybe monad for error handling!
+%% enum {
+%% X509(0),
+%% RawPublicKey(2),
+%% (255)
+%% } CertificateType;
+%%
+%% struct {
+%% select (certificate_type) {
+%% case RawPublicKey:
+%% /* From RFC 7250 ASN.1_subjectPublicKeyInfo */
+%% opaque ASN1_subjectPublicKeyInfo<1..2^24-1>;
+%%
+%% case X509:
+%% opaque cert_data<1..2^24-1>;
+%% };
+%% Extension extensions<0..2^16-1>;
+%% } CertificateEntry;
+%%
+%% struct {
+%% opaque certificate_request_context<0..2^8-1>;
+%% CertificateEntry certificate_list<0..2^24-1>;
+%% } Certificate;
certificate(OwnCert, CertDbHandle, CertDbRef, _CRContext, server) ->
case ssl_certificate:certificate_chain(OwnCert, CertDbHandle, CertDbRef) of
{ok, _, Chain} ->
@@ -222,9 +244,8 @@ encode_cert_entries([#certificate_entry{data = Data,
extensions = Exts} | Rest], Acc) ->
DSize = byte_size(Data),
BinExts = encode_extensions(Exts),
- ExtSize = byte_size(BinExts),
encode_cert_entries(Rest,
- [<<?UINT24(DSize), Data/binary, ?UINT16(ExtSize), BinExts/binary>> | Acc]).
+ [<<?UINT24(DSize), Data/binary, BinExts/binary>> | Acc]).
encode_algorithm(Algo) ->
Scheme = ssl_cipher:signature_scheme(Algo),