[erlang-bugs] SSL client certificate verify problems (RSA)

[Per Andersson]

Hi!

Thanks for your quick response!

On Wed, Oct 13, 2010 at 10:01 AM, Ingela Anderton Andin
<ingela@REDACTED> wrote:
> Hi!
>
> Per Andersson wrote:
>>
>> Hi!
>>
>> When setting #ssl.verify = 2 (verify = verify_peer, fail_if_no_peer_cert =
>> true;
>> if I understand correctly), and the client sends a certificate the SSL
>> connection crashes.
>>
>> The investigation I have made indicates that this happens when
>> ssl_handshake:certificate_verify/6 is called, because PublicKey seems to
>> be an
>> integer() and public_key:decrypt_public/3 assumes PublicKey is a
>> #'RSAPublicKey'.
>>
>>  Should public_key:decrypt_public/3 be extended to also take PublicKey
>> formatted
>> as an integer()?
>>
>>
>
> If the public key is an integer it suggests it is a dsa-key and not an
> rsa-key, and it should not
> have ended up calling public_key:decrypt_public/3 rather calling
> public_key:verify/ 4.

I understand.

>From what I can see the client cert is DSA (pubkey) and RSA (encryption).
Can this be the pressing issue?


> Could you provides us with a way to repeat the problem? (Some dummy cert and
> keys perhaps?).

I am using RBS WorldPays client certs, obviously I don't have the key for
this... CA and client certs attached, they are also available online

    https://crm.rbsworldpay.com/cgi-bin/rbsworldpay.cfg/php/enduser/std_adp.php?p_faqid=925


Best regards,
Per
-------------- next part --------------
A non-text attachment was scrubbed...
Name: bibit.ca.pem
Type: application/octet-stream
Size: 1416 bytes
Desc: not available
URL: <http://erlang.org/pipermail/erlang-bugs/attachments/20101013/a66d687a/attachment.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: bibit.client.pem
Type: application/octet-stream
Size: 1774 bytes
Desc: not available
URL: <http://erlang.org/pipermail/erlang-bugs/attachments/20101013/a66d687a/attachment-0001.obj>