From 4d24ae9a4d4b96a3791eb3def2c672d7ec644c8c Mon Sep 17 00:00:00 2001
From: Ingela Anderton Andin <ingela@erlang.org>
Date: Tue, 19 Oct 2010 09:29:02 +0200
Subject: Correct handling of client certificate verify message

When checking the client certificate verify message the server used
the wrong algorithm identifier to determine the signing algorithm,
causing a function clause error in the public_key application when the
key-exchange algorithm and the public key algorithm of the client
certificate happen to differ.
---
 lib/ssl/src/ssl_tls1.erl | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

(limited to 'lib/ssl/src/ssl_tls1.erl')

diff --git a/lib/ssl/src/ssl_tls1.erl b/lib/ssl/src/ssl_tls1.erl
index d1bc0730ba..dd66418dd8 100644
--- a/lib/ssl/src/ssl_tls1.erl
+++ b/lib/ssl/src/ssl_tls1.erl
@@ -60,15 +60,14 @@ finished(Role, MasterSecret, {MD5Hash, SHAHash}) ->
     SHA = hash_final(?SHA, SHAHash),
     prf(MasterSecret, finished_label(Role), [MD5, SHA], 12).
 
--spec certificate_verify(key_algo(), {binary(), binary()}) -> binary().
+-spec certificate_verify(OID::tuple(), {binary(), binary()}) -> binary().
 
-certificate_verify(Algorithm, {MD5Hash, SHAHash}) when Algorithm == rsa;
-						       Algorithm == dhe_rsa ->
+certificate_verify(?'rsaEncryption', {MD5Hash, SHAHash}) ->
     MD5 = hash_final(?MD5, MD5Hash),
     SHA = hash_final(?SHA, SHAHash),
     <<MD5/binary, SHA/binary>>;
 
-certificate_verify(dhe_dss, {_, SHAHash}) ->
+certificate_verify(?'id-dsa', {_, SHAHash}) ->
     hash_final(?SHA, SHAHash).
 
 -spec setup_keys(binary(), binary(), binary(), integer(), 
-- 
cgit v1.2.3