From 16dafd19b34d1b458cf68857f65c7d3c77d6f291 Mon Sep 17 00:00:00 2001
From: Rory Byrne <rory@jinsky.com>
Date: Mon, 5 Apr 2010 16:23:36 +0100
Subject: Fix verification of ssl client when fail_if_no_peer_cert

The SSL handshake fails when an ssl server is configured with the
'fail_if_no_peer_cert' option and a valid client sends its certificate
as instructed. On the server-side ssl:ssl_accept/2 will return
{error,esslerrssl}, and it will send an "Unexpected Message" SSL Alert
(type 10) to the client.
---
 lib/ssl/src/ssl_connection.erl | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)


diff --git a/lib/ssl/src/ssl_connection.erl b/lib/ssl/src/ssl_connection.erl
index 4ec90600e9..defcfa31bd 100644
--- a/lib/ssl/src/ssl_connection.erl
+++ b/lib/ssl/src/ssl_connection.erl
@@ -441,7 +441,8 @@ certify(#certificate{} = Cert,
 			       Opts#ssl_options.verify,
 			       Opts#ssl_options.verify_fun) of
         {PeerCert, PublicKeyInfo} ->
-	    handle_peer_cert(PeerCert, PublicKeyInfo, State);
+	    State1 = State#state{client_certificate_requested = false},
+	    handle_peer_cert(PeerCert, PublicKeyInfo, State1);
 	#alert{} = Alert ->
             handle_own_alert(Alert, Version, certify_certificate, State),
             {stop, normal, State}
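Review bot: The added `State1 = State#state{client_certificate_requested = false}` line has no comment, and after this change the field no longer means "a certificate was requested" but "a requested certificate is still outstanding". I would add a comment above it such as `%% Peer certificate received and accepted: clear the flag so the rest of the handshake is not rejected as an unexpected message`. The clause head of certify/2 lies outside the hunk, so it is not visible whether this branch is limited to the server role; if the client side also reaches it when it receives the server's certificate, confirm that clearing the flag there cannot change whether the client later answers a certificate request. Since `fail_if_no_peer_cert` is the option that enforces client authentication, this fix deserves a regression test covering both a client that presents a valid certificate (handshake succeeds) and one that omits it (handshake is still refused).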