Diffstat (limited to 'lib/ssl')
-rw-r--r-- | lib/ssl/examples/src/client_server.erl | 24 | ||||
-rw-r--r-- | lib/ssl/src/ssl_handshake.erl | 29 | ||||
-rw-r--r-- | lib/ssl/src/ssl_tls1.erl | 2 | ||||
-rw-r--r-- | lib/ssl/test/ssl_test_lib.erl | 2 |
4 files changed, 29 insertions, 28 deletions
diff --git a/lib/ssl/examples/src/client_server.erl b/lib/ssl/examples/src/client_server.erl
index baf5a9185e..133a1764bc 100644
--- a/lib/ssl/examples/src/client_server.erl
+++ b/lib/ssl/examples/src/client_server.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2003-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2003-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -21,18 +21,14 @@
 -module(client_server).
--export([start/0, start/1, init_connect/1]).
+-export([start/0, init_connect/1]).
 start() ->
- start([ssl, subject]).
-
-start(CertOpts) ->
 %% Start ssl application
+ application:start(crypto),
+ application:start(public_key),
 application:start(ssl),
- %% Always seed
- ssl:seed("ellynatefttidppohjeh"),
-
 %% Let the current process be the server that listens and accepts
 %% Listen
 {ok, LSock} = ssl:listen(0, mk_opts(listen)),
@@ -40,14 +36,14 @@ start(CertOpts) ->
 io:fwrite("Listen: port = ~w.~n", [LPort]),
 %% Spawn the client process that connects to the server
- spawn(?MODULE, init_connect, [{LPort, CertOpts}]),
+ spawn(?MODULE, init_connect, [LPort]),
 %% Accept
 {ok, ASock} = ssl:transport_accept(LSock),
 ok = ssl:ssl_accept(ASock),
 io:fwrite("Accept: accepted.~n"),
- {ok, Cert} = ssl:peercert(ASock, CertOpts),
- io:fwrite("Accept: peer cert:~n~p~n", [Cert]),
+ {ok, Cert} = ssl:peercert(ASock),
+ io:fwrite("Accept: peer cert:~n~p~n", [public_key:pkix_decode_cert(Cert, otp)]),
 io:fwrite("Accept: sending \"hello\".~n"),
 ssl:send(ASock, "hello"),
 {error, closed} = ssl:recv(ASock, 0),
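Review bot: The three `application:start/1` calls added at the top of start/0 discard their result, so if crypto, public_key or ssl fails to start the example carries on and only fails later at `ssl:listen/2` with a reason that no longer points at the real cause. `application:start/1` returns `ok | {error, Reason}`, and the one error that is benign here is `{already_started, App}` (running the example twice in the same node); everything else should surface where it happens. A small helper keeps the call sites readable and makes the tolerated case explicit. start/0 continues past this hunk.
```erlang
start() ->
    %% Start ssl application
    ensure_started(crypto),
    ensure_started(public_key),
    ensure_started(ssl),
    %% … unchanged: listen / spawn client / accept …

%% Start App; a previous start in this node is fine, any other
%% failure crashes here with the reason from application:start/1.
ensure_started(App) ->
    case application:start(App) of
        ok -> ok;
        {error, {already_started, App}} -> ok
    end.
```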
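Review bot: The client is still started with a bare `spawn` on the changed `spawn(?MODULE, init_connect, [LPort])` line, so if init_connect crashes before the handshake completes (its `{ok, CSock} = ssl:connect(...)` and `{ok, Cert} = ssl:peercert(CSock)` matches in the next hunk are both crash points) the server side blocks indefinitely in `ssl:transport_accept(LSock)` and the client's error report is the only trace. Linking the two makes the example fail visibly instead of hanging: `spawn_link(?MODULE, init_connect, [LPort]),`. The body of start/0 continues beyond this hunk.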
@@ -59,12 +55,12 @@ start(CertOpts) ->
 %% Client connect
-init_connect({LPort, CertOpts}) ->
+init_connect(LPort) ->
 {ok, Host} = inet:gethostname(),
 {ok, CSock} = ssl:connect(Host, LPort, mk_opts(connect)),
 io:fwrite("Connect: connected.~n"),
- {ok, Cert} = ssl:peercert(CSock, CertOpts),
- io:fwrite("Connect: peer cert:~n~p~n", [Cert]),
+ {ok, Cert} = ssl:peercert(CSock),
+ io:fwrite("Connect: peer cert:~n~p~n", [public_key:pkix_decode_cert(Cert, otp)]),
 {ok, Data} = ssl:recv(CSock, 0),
 io:fwrite("Connect: got data: ~p~n", [Data]),
 io:fwrite("Connect: closing and terminating.~n"),
diff --git a/lib/ssl/src/ssl_handshake.erl b/lib/ssl/src/ssl_handshake.erl
index 28469dfa5f..bb26302fff 100644
--- a/lib/ssl/src/ssl_handshake.erl
+++ b/lib/ssl/src/ssl_handshake.erl
@@ -220,18 +220,23 @@ certify(#certificate{asn1_certificates = ASN1Certs}, CertDbHandle, CertDbRef,
 end, {Role, UserState0}}
 end,
- {TrustedErlCert, CertPath} =
- ssl_certificate:trusted_cert_and_path(ASN1Certs, CertDbHandle, CertDbRef),
-
- case public_key:pkix_path_validation(TrustedErlCert,
- CertPath,
- [{max_path_length,
- MaxPathLen},
- {verify_fun, ValidationFunAndState}]) of
- {ok, {PublicKeyInfo,_}} ->
- {PeerCert, PublicKeyInfo};
- {error, Reason} ->
- path_validation_alert(Reason)
+ try
+ {TrustedErlCert, CertPath} =
+ ssl_certificate:trusted_cert_and_path(ASN1Certs, CertDbHandle, CertDbRef),
+ case public_key:pkix_path_validation(TrustedErlCert,
+ CertPath,
+ [{max_path_length,
+ MaxPathLen},
+ {verify_fun, ValidationFunAndState}]) of
+ {ok, {PublicKeyInfo,_}} ->
+ {PeerCert, PublicKeyInfo};
+ {error, Reason} ->
+ path_validation_alert(Reason)
+ end
+ catch
+ error:_ ->
+ %% ASN-1 decode of certificate somehow failed
+ ?ALERT_REC(?FATAL, ?CERTIFICATE_UNKNOWN)
 end.
 %%--------------------------------------------------------------------
diff --git a/lib/ssl/src/ssl_tls1.erl b/lib/ssl/src/ssl_tls1.erl
index 1daf9640ab..41dc1bf0dc 100644
--- a/lib/ssl/src/ssl_tls1.erl
+++ b/lib/ssl/src/ssl_tls1.erl
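Review bot: The `catch error:_ ->` added at the end of certify covers much more than the ASN.1 decode its comment names: the try body also runs `public_key:pkix_path_validation/3` with `{verify_fun, ValidationFunAndState}` — which, judging by the `{Role, UserState0}` context just above, wraps a user-supplied verify fun — and the `path_validation_alert(Reason)` call. A programmer error in that verify fun, or a Reason that path_validation_alert has no clause for, is therefore turned into the same fatal certificate_unknown alert with nothing recorded locally, which makes such bugs very hard to tell apart from a genuinely bad certificate. Failing closed is the right outcome; the fix is to bind the reason, `error:Reason ->`, and report it through the module's usual logging before returning the alert, and to make the comment honest: `%% Decoding or validating the certificate path raised an error; fail closed.` The certify clause begins before this hunk.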
@@ -81,7 +81,7 @@ certificate_verify(md5sha, _Version, Handshake) ->
 <<MD5/binary, SHA/binary>>;
 certificate_verify(HashAlgo, _Version, Handshake) ->
- Hash = crypto:hash(HashAlgo, Handshake).
+ crypto:hash(HashAlgo, Handshake).
 -spec setup_keys(integer(), integer(), binary(), binary(), binary(), integer(), integer(), integer()) -> {binary(), binary(), binary(),
diff --git a/lib/ssl/test/ssl_test_lib.erl b/lib/ssl/test/ssl_test_lib.erl
index b39c995552..63731ee25c 100644
--- a/lib/ssl/test/ssl_test_lib.erl
+++ b/lib/ssl/test/ssl_test_lib.erl
@@ -150,7 +150,7 @@ run_client(Opts) ->
 {ok, Socket} ->
 Pid ! { connected, Socket },
 test_server:format("Client: connected~n", []),
- %% In specail cases we want to know the client port, it will
+ %% In special cases we want to know the client port, it will
 %% be indicated by sending {port, 0} in options list!
 send_selected_port(Pid, proplists:get_value(port, Options), Socket),
 {Module, Function, Args} = proplists:get_value(mfa, Opts),