2 files changed, 18 insertions, 13 deletions

diff --git a/lib/ssl/src/ssl_handshake.erl b/lib/ssl/src/ssl_handshake.erl
index 28469dfa5f..bb26302fff 100644
--- a/lib/ssl/src/ssl_handshake.erl
+++ b/lib/ssl/src/ssl_handshake.erl
@@ -220,18 +220,23 @@ certify(#certificate{asn1_certificates = ASN1Certs}, CertDbHandle, CertDbRef,
 		 end, {Role, UserState0}}
 	end,
 
-    {TrustedErlCert, CertPath}  =
-	ssl_certificate:trusted_cert_and_path(ASN1Certs, CertDbHandle, CertDbRef),
-
-    case public_key:pkix_path_validation(TrustedErlCert,
-					 CertPath,
-					 [{max_path_length,
-					   MaxPathLen},
-					  {verify_fun, ValidationFunAndState}]) of
-	{ok, {PublicKeyInfo,_}} ->
-	    {PeerCert, PublicKeyInfo};
-	{error, Reason} ->
-	    path_validation_alert(Reason)
+    try
+	{TrustedErlCert, CertPath}  =
+	    ssl_certificate:trusted_cert_and_path(ASN1Certs, CertDbHandle, CertDbRef),
+	case public_key:pkix_path_validation(TrustedErlCert,
+					      CertPath,
+					     [{max_path_length,
+					       MaxPathLen},
+					      {verify_fun, ValidationFunAndState}]) of
+	    {ok, {PublicKeyInfo,_}} ->
+		{PeerCert, PublicKeyInfo};
+	    {error, Reason} ->
+		path_validation_alert(Reason)
+	end
+    catch
+	error:_ ->
+	    %% ASN-1 decode of certificate somehow failed
+	    ?ALERT_REC(?FATAL, ?CERTIFICATE_UNKNOWN)
     end.
 
 %%--------------------------------------------------------------------
diff --git a/lib/ssl/src/ssl_tls1.erl b/lib/ssl/src/ssl_tls1.erl
index 1daf9640ab..41dc1bf0dc 100644
--- a/lib/ssl/src/ssl_tls1.erl
+++ b/lib/ssl/src/ssl_tls1.erl
@@ -81,7 +81,7 @@ certificate_verify(md5sha, _Version, Handshake) ->
     <<MD5/binary, SHA/binary>>;
 
 certificate_verify(HashAlgo, _Version, Handshake) ->
-    Hash = crypto:hash(HashAlgo, Handshake).
+    crypto:hash(HashAlgo, Handshake).
 
 -spec setup_keys(integer(), integer(), binary(), binary(), binary(), integer(),
 		 integer(), integer()) -> {binary(), binary(), binary(),