Diffstat (limited to 'lib/ssl')
-rw-r--r--lib/ssl/examples/src/client_server.erl24
-rw-r--r--lib/ssl/src/ssl_handshake.erl29
-rw-r--r--lib/ssl/src/ssl_tls1.erl2
3 files changed, 28 insertions, 27 deletions
diff --git a/lib/ssl/examples/src/client_server.erl b/lib/ssl/examples/src/client_server.erl
index baf5a9185e..133a1764bc 100644
--- a/lib/ssl/examples/src/client_server.erl
+++ b/lib/ssl/examples/src/client_server.erl
@@ -1,7 +1,7 @@
%%
%% %CopyrightBegin%
%%
-%% Copyright Ericsson AB 2003-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2003-2012. All Rights Reserved.
%%
%% The contents of this file are subject to the Erlang Public License,
%% Version 1.1, (the "License"); you may not use this file except in
@@ -21,18 +21,14 @@
-module(client_server).
--export([start/0, start/1, init_connect/1]).
+-export([start/0, init_connect/1]).
start() ->
- start([ssl, subject]).
-
-start(CertOpts) ->
%% Start ssl application
+ application:start(crypto),
+ application:start(public_key),
application:start(ssl),
- %% Always seed
- ssl:seed("ellynatefttidppohjeh"),
-
%% Let the current process be the server that listens and accepts
%% Listen
{ok, LSock} = ssl:listen(0, mk_opts(listen)),
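Review bot: The results of the three `application:start/1` calls at the top of start/0 are discarded, so a crypto or public_key that fails to start only surfaces later as an opaque failure from `ssl:listen/2`. Matching the result makes the failure mode explicit in an example that readers copy from; since `application:start/1` returns `{error, {already_started, App}}` on a second run in the same node, a small helper that accepts that case keeps the example re-runnable. start/0 continues past the end of this hunk.
```erlang
    %% Start ssl application
    ok = ensure_started(crypto),
    ok = ensure_started(public_key),
    ok = ensure_started(ssl),
%% … unchanged: listen / accept / send …

%% Start App, treating an already-running application as success.
ensure_started(App) ->
    case application:start(App) of
        ok -> ok;
        {error, {already_started, App}} -> ok
    end.
```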
@@ -40,14 +36,14 @@ start(CertOpts) ->
io:fwrite("Listen: port = ~w.~n", [LPort]),
%% Spawn the client process that connects to the server
- spawn(?MODULE, init_connect, [{LPort, CertOpts}]),
+ spawn(?MODULE, init_connect, [LPort]),
%% Accept
{ok, ASock} = ssl:transport_accept(LSock),
ok = ssl:ssl_accept(ASock),
io:fwrite("Accept: accepted.~n"),
- {ok, Cert} = ssl:peercert(ASock, CertOpts),
- io:fwrite("Accept: peer cert:~n~p~n", [Cert]),
+ {ok, Cert} = ssl:peercert(ASock),
+ io:fwrite("Accept: peer cert:~n~p~n", [public_key:pkix_decode_cert(Cert, otp)]),
io:fwrite("Accept: sending \"hello\".~n"),
ssl:send(ASock, "hello"),
{error, closed} = ssl:recv(ASock, 0),
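Review bot: The rewritten `spawn(?MODULE, init_connect, [LPort])` starts the client unlinked, so if init_connect crashes (for example on a handshake failure on its side) the server process stays blocked in `ssl:transport_accept/1` with nothing to report it. Since the example already crashes on its own errors through assertive matching, `spawn_link(?MODULE, init_connect, [LPort])` would make a client-side failure visible in the same way. The enclosing function starts and ends outside this hunk.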
@@ -59,12 +55,12 @@ start(CertOpts) ->
%% Client connect
-init_connect({LPort, CertOpts}) ->
+init_connect(LPort) ->
{ok, Host} = inet:gethostname(),
{ok, CSock} = ssl:connect(Host, LPort, mk_opts(connect)),
io:fwrite("Connect: connected.~n"),
- {ok, Cert} = ssl:peercert(CSock, CertOpts),
- io:fwrite("Connect: peer cert:~n~p~n", [Cert]),
+ {ok, Cert} = ssl:peercert(CSock),
+ io:fwrite("Connect: peer cert:~n~p~n", [public_key:pkix_decode_cert(Cert, otp)]),
{ok, Data} = ssl:recv(CSock, 0),
io:fwrite("Connect: got data: ~p~n", [Data]),
io:fwrite("Connect: closing and terminating.~n"),
diff --git a/lib/ssl/src/ssl_handshake.erl b/lib/ssl/src/ssl_handshake.erl
index 28469dfa5f..bb26302fff 100644
--- a/lib/ssl/src/ssl_handshake.erl
+++ b/lib/ssl/src/ssl_handshake.erl
@@ -220,18 +220,23 @@ certify(#certificate{asn1_certificates = ASN1Certs}, CertDbHandle, CertDbRef,
end, {Role, UserState0}}
end,
- {TrustedErlCert, CertPath} =
- ssl_certificate:trusted_cert_and_path(ASN1Certs, CertDbHandle, CertDbRef),
-
- case public_key:pkix_path_validation(TrustedErlCert,
- CertPath,
- [{max_path_length,
- MaxPathLen},
- {verify_fun, ValidationFunAndState}]) of
- {ok, {PublicKeyInfo,_}} ->
- {PeerCert, PublicKeyInfo};
- {error, Reason} ->
- path_validation_alert(Reason)
+ try
+ {TrustedErlCert, CertPath} =
+ ssl_certificate:trusted_cert_and_path(ASN1Certs, CertDbHandle, CertDbRef),
+ case public_key:pkix_path_validation(TrustedErlCert,
+ CertPath,
+ [{max_path_length,
+ MaxPathLen},
+ {verify_fun, ValidationFunAndState}]) of
+ {ok, {PublicKeyInfo,_}} ->
+ {PeerCert, PublicKeyInfo};
+ {error, Reason} ->
+ path_validation_alert(Reason)
+ end
+ catch
+ error:_ ->
+ %% ASN-1 decode of certificate somehow failed
+ ?ALERT_REC(?FATAL, ?CERTIFICATE_UNKNOWN)
end.
%%--------------------------------------------------------------------
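Review bot: The new `error:_` clause is wider than its comment claims: besides an ASN.1 decode failure inside `ssl_certificate:trusted_cert_and_path/3` it also swallows every `error` exception raised from `public_key:pkix_path_validation/3`, including one raised by the user-supplied verify_fun or by a plain bug in this module, and all of them reach the peer as CERTIFICATE_UNKNOWN with the reason lost. Binding the reason, `error:Reason ->`, and making it available for diagnostics, or at least widening the comment to `%% Any error exception here (ASN-1 decode, path validation, verify_fun) is mapped to a fatal certificate_unknown alert`, would keep those cases diagnosable. A `throw` or `exit` from the verify_fun is still not caught, so behaviour now differs by exception class, which is worth stating in the same comment. certify/... begins before this hunk.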
diff --git a/lib/ssl/src/ssl_tls1.erl b/lib/ssl/src/ssl_tls1.erl
index 1daf9640ab..41dc1bf0dc 100644
--- a/lib/ssl/src/ssl_tls1.erl
+++ b/lib/ssl/src/ssl_tls1.erl
@@ -81,7 +81,7 @@ certificate_verify(md5sha, _Version, Handshake) ->
<<MD5/binary, SHA/binary>>;
certificate_verify(HashAlgo, _Version, Handshake) ->
- Hash = crypto:hash(HashAlgo, Handshake).
+ crypto:hash(HashAlgo, Handshake).
-spec setup_keys(integer(), integer(), binary(), binary(), binary(), integer(),
integer(), integer()) -> {binary(), binary(), binary(),