From 4d24ae9a4d4b96a3791eb3def2c672d7ec644c8c Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Tue, 19 Oct 2010 09:29:02 +0200 Subject: Correct handling of client certificate verify message When checking the client certificate verify message the server used the wrong algorithm identifier to determine the signing algorithm, causing a function clause error in the public_key application when the key-exchange algorithm and the public key algorithm of the client certificate happen to differ. --- lib/ssl/src/ssl_ssl3.erl | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) (limited to 'lib/ssl/src/ssl_ssl3.erl') diff --git a/lib/ssl/src/ssl_ssl3.erl b/lib/ssl/src/ssl_ssl3.erl index 1add203fb0..f3cb6ad66e 100644 --- a/lib/ssl/src/ssl_ssl3.erl +++ b/lib/ssl/src/ssl_ssl3.erl @@ -79,10 +79,9 @@ finished(Role, MasterSecret, {MD5Hash, SHAHash}) -> SHA = handshake_hash(?SHA, MasterSecret, Sender, SHAHash), <>. --spec certificate_verify(key_algo(), binary(), {binary(), binary()}) -> binary(). +-spec certificate_verify(OID::tuple(), binary(), {binary(), binary()}) -> binary(). -certificate_verify(Algorithm, MasterSecret, {MD5Hash, SHAHash}) - when Algorithm == rsa; Algorithm == dhe_rsa -> +certificate_verify(?'rsaEncryption', MasterSecret, {MD5Hash, SHAHash}) -> %% md5_hash %% MD5(master_secret + pad_2 + %% MD5(handshake_messages + master_secret + pad_1)); @@ -94,7 +93,7 @@ certificate_verify(Algorithm, MasterSecret, {MD5Hash, SHAHash}) SHA = handshake_hash(?SHA, MasterSecret, undefined, SHAHash), <>; -certificate_verify(dhe_dss, MasterSecret, {_, SHAHash}) -> +certificate_verify(?'id-dsa', MasterSecret, {_, SHAHash}) -> %% sha_hash %% SHA(master_secret + pad_2 + %% SHA(handshake_messages + master_secret + pad_1)); -- cgit v1.2.3