Diffstat (limited to 'lib/ssl')
| -rw-r--r-- | lib/ssl/examples/src/client_server.erl | 24 | ||||
| -rw-r--r-- | lib/ssl/src/ssl_handshake.erl | 29 | ||||
| -rw-r--r-- | lib/ssl/src/ssl_tls1.erl | 2 | 
3 files changed, 28 insertions, 27 deletions
| diff --git a/lib/ssl/examples/src/client_server.erl b/lib/ssl/examples/src/client_server.erl
index baf5a9185e..133a1764bc 100644
--- a/lib/ssl/examples/src/client_server.erl
+++ b/lib/ssl/examples/src/client_server.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2003-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2003-2012. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -21,18 +21,14 @@
 -module(client_server).
--export([start/0, start/1, init_connect/1]).
+-export([start/0, init_connect/1]).
 start() ->
-    start([ssl, subject]).
-
-start(CertOpts) ->
     %% Start ssl application
+    application:start(crypto),
+    application:start(public_key),
     application:start(ssl),
-    %% Always seed 
-    ssl:seed("ellynatefttidppohjeh"),
-
     %% Let the current process be the server that listens and accepts
     %% Listen
     {ok, LSock} = ssl:listen(0, mk_opts(listen)),
@@ -40,14 +36,14 @@ start(CertOpts) ->
     io:fwrite("Listen: port = ~w.~n", [LPort]),
     %% Spawn the client process that connects to the server
-    spawn(?MODULE, init_connect, [{LPort, CertOpts}]),
+    spawn(?MODULE, init_connect, [LPort]),
     %% Accept
     {ok, ASock} = ssl:transport_accept(LSock),
     ok = ssl:ssl_accept(ASock),
     io:fwrite("Accept: accepted.~n"),
-    {ok, Cert} = ssl:peercert(ASock, CertOpts),
-    io:fwrite("Accept: peer cert:~n~p~n", [Cert]),
+    {ok, Cert} = ssl:peercert(ASock),
+    io:fwrite("Accept: peer cert:~n~p~n", [public_key:pkix_decode_cert(Cert, otp)]),
     io:fwrite("Accept: sending \"hello\".~n"),
     ssl:send(ASock, "hello"),
     {error, closed} = ssl:recv(ASock, 0),
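Review bot: The results of the three `application:start/1` calls added at the top of start/0 are discarded, so a failure to start crypto or public_key (for example when the crypto NIF library cannot be loaded) is not reported where it happens and the example instead fails later with an unrelated badmatch on `ssl:listen/2`. For example code it is clearer to assert the outcome, `ok = application:start(crypto),` and likewise for public_key and ssl, or, if the example is expected to be re-run in the same node, to accept `{error, {already_started, _}}` as well in a two-clause helper. The body of start/0 continues past the end of this hunk.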
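Review bot: `spawn(?MODULE, init_connect, [LPort])` starts the client process unlinked, so if init_connect/1 crashes (its `ssl:connect/3` or `ssl:peercert/1` match failing, for instance) the server side blocks indefinitely in `ssl:transport_accept/1` and the crash is only seen as a detached error report. Since one process drives both ends of the example, `spawn_link(?MODULE, init_connect, [LPort]),` ties the two fates together and makes the failure visible to the caller of start/0. Both the beginning and the end of start/0 lie outside this hunk.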
@@ -59,12 +55,12 @@ start(CertOpts) ->
 %% Client connect
-init_connect({LPort, CertOpts}) ->
+init_connect(LPort) ->
     {ok, Host} = inet:gethostname(), 
     {ok, CSock} = ssl:connect(Host, LPort, mk_opts(connect)),
     io:fwrite("Connect: connected.~n"),
-    {ok, Cert} = ssl:peercert(CSock, CertOpts),
-    io:fwrite("Connect: peer cert:~n~p~n", [Cert]),
+    {ok, Cert} = ssl:peercert(CSock),
+    io:fwrite("Connect: peer cert:~n~p~n", [public_key:pkix_decode_cert(Cert, otp)]),
     {ok, Data} = ssl:recv(CSock, 0),
     io:fwrite("Connect: got data: ~p~n", [Data]),
     io:fwrite("Connect: closing and terminating.~n"),
diff --git a/lib/ssl/src/ssl_handshake.erl b/lib/ssl/src/ssl_handshake.erl
index 28469dfa5f..bb26302fff 100644
--- a/lib/ssl/src/ssl_handshake.erl
+++ b/lib/ssl/src/ssl_handshake.erl
@@ -220,18 +220,23 @@ certify(#certificate{asn1_certificates = ASN1Certs}, CertDbHandle, CertDbRef,
 		 end, {Role, UserState0}}
 	end,
-    {TrustedErlCert, CertPath}  =
-	ssl_certificate:trusted_cert_and_path(ASN1Certs, CertDbHandle, CertDbRef),
-
-    case public_key:pkix_path_validation(TrustedErlCert,
-					 CertPath,
-					 [{max_path_length,
-					   MaxPathLen},
-					  {verify_fun, ValidationFunAndState}]) of
-	{ok, {PublicKeyInfo,_}} ->
-	    {PeerCert, PublicKeyInfo};
-	{error, Reason} ->
-	    path_validation_alert(Reason)
+    try
+	{TrustedErlCert, CertPath}  =
+	    ssl_certificate:trusted_cert_and_path(ASN1Certs, CertDbHandle, CertDbRef),
+	case public_key:pkix_path_validation(TrustedErlCert,
+					      CertPath,
+					     [{max_path_length,
+					       MaxPathLen},
+					      {verify_fun, ValidationFunAndState}]) of
+	    {ok, {PublicKeyInfo,_}} ->
+		{PeerCert, PublicKeyInfo};
+	    {error, Reason} ->
+		path_validation_alert(Reason)
+	end
+    catch
+	error:_ ->
+	    %% ASN-1 decode of certificate somehow failed
+	    ?ALERT_REC(?FATAL, ?CERTIFICATE_UNKNOWN)
     end.
 %%--------------------------------------------------------------------
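Review bot: The new `catch error:_` clause protects far more than the ASN.1 decode its comment describes: the `try` body also encloses `public_key:pkix_path_validation/3`, the user-supplied verify_fun carried in ValidationFunAndState, and `path_validation_alert/1`, so any `error` raised there (a bug in a verify_fun, or a Reason that path_validation_alert has no clause for) is turned into a certificate_unknown alert sent to the peer and the stack trace is lost. Placing only `ssl_certificate:trusted_cert_and_path/3` in the `try` expression and the validation in an `of` section keeps the catch limited to the failure the comment names; whether public_key itself guards calls to verify_fun is not visible here. Binding the caught term instead of `_` and passing it to the existing logging would also make a decode failure diagnosable rather than silent. certify begins outside this hunk.
```erlang
    %% … unchanged: ValidationFunAndState construction …
    try ssl_certificate:trusted_cert_and_path(ASN1Certs, CertDbHandle, CertDbRef) of
        {TrustedErlCert, CertPath} ->
            %% Not covered by the catch below: a crash here is a bug, not a bad certificate
            case public_key:pkix_path_validation(TrustedErlCert,
                                                 CertPath,
                                                 [{max_path_length, MaxPathLen},
                                                  {verify_fun, ValidationFunAndState}]) of
                {ok, {PublicKeyInfo,_}} ->
                    {PeerCert, PublicKeyInfo};
                {error, Reason} ->
                    path_validation_alert(Reason)
            end
    catch
        error:_ ->
            %% ASN-1 decode of certificate somehow failed
            ?ALERT_REC(?FATAL, ?CERTIFICATE_UNKNOWN)
    end.
```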
diff --git a/lib/ssl/src/ssl_tls1.erl b/lib/ssl/src/ssl_tls1.erl
index 1daf9640ab..41dc1bf0dc 100644
--- a/lib/ssl/src/ssl_tls1.erl
+++ b/lib/ssl/src/ssl_tls1.erl
@@ -81,7 +81,7 @@ certificate_verify(md5sha, _Version, Handshake) ->
     <<MD5/binary, SHA/binary>>;
 certificate_verify(HashAlgo, _Version, Handshake) ->
-    Hash = crypto:hash(HashAlgo, Handshake).
+    crypto:hash(HashAlgo, Handshake).
 -spec setup_keys(integer(), integer(), binary(), binary(), binary(), integer(),
 		 integer(), integer()) -> {binary(), binary(), binary(), |
