[erlang-bugs] SSL client certificate verify problems (RSA)
Ingela Anderton Andin
ingela@REDACTED
Wed Oct 13 10:01:56 CEST 2010
Hi!
Per Andersson wrote:
> Hi!
>
> When setting #ssl.verify = 2 (verify = verify_peer, fail_if_no_peer_cert = true;
> if I understand correctly), and the client sends a certificate the SSL
> connection crashes.
>
> The investigation I have made indicates that this happens when
> ssl_handshake:certificate_verify/6 is called, because PublicKey seems to be an
> integer() and public_key:decrypt_public/3 assumes PublicKey is a
> #'RSAPublicKey'.
>
>
> Should public_key:decrypt_public/3 be extended to also take PublicKey formatted
> as an integer()?
>
>
If the public key is an integer, it suggests it is a dsa-key and not an
rsa-key, and it should not have ended up calling
public_key:decrypt_public/3 but rather calling public_key:verify/4.

Could you provide us with a way to repeat the problem? (Some dummy cert
and keys perhaps?)

We have some tests for client certs in ssl_to_openssl_SUITE.erl using
both rsa and dsa signed certs that all pass.
Regards Ingela
Erlang/OTP team - Ericsson AB