[erlang-bugs] SSL client certificate verify problems (RSA)

Ingela Anderton Andin <>
Wed Oct 13 10:01:56 CEST 2010


Per Andersson wrote:
> Hi!
> When setting #ssl.verify = 2 (verify = verify_peer, fail_if_no_peer_cert = true;
> if I understand correctly), and the client sends a certificate the SSL
> connection crashes.
> The investigation I have made indicates that this happens when
> ssl_handshake:certificate_verify/6 is called, because PublicKey seems to be an
> integer() and public_key:decrypt_public/3 assumes PublicKey is a
> #'RSAPublicKey'.
> Should public_key:decrypt_public/3 be extended to also take PublicKey formatted
> as an integer()?
If the public key is an integer it suggests it is a dsa-key and not an rsa-key, and it should not have ended up calling public_key:decrypt_public/3, rather calling public_key:verify/4.
Could you provide us with a way to repeat the problem? (Some dummy cert and keys perhaps?)
We have some tests for client certs in ssl_to_openssl_SUITE.erl using both rsa and dsa signed certs that all pass.

Regards Ingela Erlang/OTP team - Ericsson AB
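As an added illustration of the key-type dispatch Ingela describes (example code, not part of this thread or of OTP's ssl application; the module name, the constructed message and the error atoms are assumptions of mine), a verifier that routes both RSA records and DSA tuples through public_key:verify/4 and reports a bare integer key instead of crashing on it:

```erlang
%% Added example, not code from the thread or from OTP's ssl application.
%% Shows the dispatch described above: an #'RSAPublicKey' record and a DSA
%% {Y, #'Dss-Parms'{}} tuple both go to public_key:verify/4; a bare integer
%% (a DSA y value that lost its parameters) is reported, not crashed on.
-module(cert_verify_dispatch).
-export([verify_signature/4, demo/0]).
-include_lib("public_key/include/public_key.hrl").

%% Returns ok | {error, Reason}; never throws on a malformed key term.
verify_signature(Msg, DigestType, Signature, #'RSAPublicKey'{} = Key) ->
    case public_key:verify(Msg, DigestType, Signature, Key) of
        true  -> ok;
        false -> {error, bad_rsa_signature}
    end;
verify_signature(Msg, DigestType, Signature, {Y, #'Dss-Parms'{}} = Key)
  when is_integer(Y) ->
    case public_key:verify(Msg, DigestType, Signature, Key) of
        true  -> ok;
        false -> {error, bad_dsa_signature}
    end;
verify_signature(_Msg, _DigestType, _Signature, Y) when is_integer(Y) ->
    %% The case from the report: a DSA public value without its parameters.
    %% Refuse explicitly rather than letting a record-expecting call crash.
    {error, {dsa_key_without_params, Y}};
verify_signature(_Msg, _DigestType, _Signature, Other) ->
    {error, {unsupported_public_key, Other}}.

%% Self-check with a freshly generated RSA key. public_key has no DSA key
%% generation, so the DSA branches are exercised only on the error path here.
demo() ->
    Priv = public_key:generate_key({rsa, 2048, 65537}),
    Pub = #'RSAPublicKey'{modulus = Priv#'RSAPrivateKey'.modulus,
                          publicExponent = Priv#'RSAPrivateKey'.publicExponent},
    Msg = <<"constructed CertificateVerify payload">>,   % constructed input
    Sig = public_key:sign(Msg, sha256, Priv),
    ok = verify_signature(Msg, sha256, Sig, Pub),
    {error, bad_rsa_signature} =
        verify_signature(<<"tampered">>, sha256, Sig, Pub),
    {error, {dsa_key_without_params, 12345}} =
        verify_signature(Msg, sha, Sig, 12345),
    ok.
```

Running cert_verify_dispatch:demo() from an Erlang shell returns ok when all three branches behave as the comments state.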
