From 74e55d771666fc5a369f62ebf695fbd040aff997 Mon Sep 17 00:00:00 2001
From: Ingela Anderton Andin <ingela@erlang.org>
Date: Fri, 3 Jun 2016 17:21:18 +0200
Subject: ssl: Reject unrequested client cert

---
 lib/ssl/src/ssl_connection.erl | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'lib/ssl/src')

diff --git a/lib/ssl/src/ssl_connection.erl b/lib/ssl/src/ssl_connection.erl
index b45c5c8fc6..90e0810241 100644
--- a/lib/ssl/src/ssl_connection.erl
+++ b/lib/ssl/src/ssl_connection.erl
@@ -465,6 +465,14 @@ certify(internal, #certificate{asn1_certificates = []},
 	Connection:next_record(State0#state{client_certificate_requested = false}),
     Connection:next_event(certify, Record, State);
 
+certify(internal, #certificate{},
+	#state{role = server,
+	       negotiated_version = Version,
+	       ssl_options = #ssl_options{verify = verify_none}} =
+	    State, Connection) ->
+    Alert =  ?ALERT_REC(?FATAL,?UNEXPECTED_MESSAGE, unrequested_certificate),
+    Connection:handle_own_alert(Alert, Version, certify, State);
+
 certify(internal, #certificate{} = Cert,
         #state{negotiated_version = Version,
 	       role = Role,
-- 
cgit v1.2.3