[erlang-patches] support md2WithRSAEncryption certificates

Henrik Nord henrik@REDACTED
Mon Aug 8 14:52:14 CEST 2011


On 08/06/2011 08:47 PM, Christian von Roques wrote:
> I've added support for md2WithRSAEncryption certificates to public_key
> and the necessary support for md2 to crypto:rsa_sign/3 and
> crypto:rsa_verify/4.
>
> 	git fetch git://github.com/roques/otp.git md2WithRSAEncryption
>
>
> I did this to solve the following urgent problem, which others might
> stumble upon in the future as well: One of our service providers
> switched their SSL-certificate.  The new certificate is issued by
> "VeriSign International Server CA - Class 3", which is included in many
> collections of trusted root certificates.  However, to be supported by
> ancient software VeriSign's Class 3 certificate itself is issued by
> VeriSign's "Class 3 Public Primary Certification Authority", which is a
> self-signed md2WithRSAEncryption certificate.  All this would not be a
> problem in itself, our service provider however has bundled his
> certificate with the complete certificate chain up to and *including*
> VeriSign's md2WithRSAEncryption root-certificate.  This mistake causes
> OTP's ssl to try and fail to verify the self-signature of VeriSign's
> root-certificate, because it does not yet know how to check
> md2WithRSAEncryption signatures.
>
> Attempts to solve the problem via polite requests to our service
> provider not to include VeriSign's root certificate in the certificate
> chain up to now just got "upgrade your Java to a current version"
> replies.  --- I'm not sure if my patch counts as "upgrading Java", but
> it solves the problem :-)
>
> 	Christian.
>
Thank you for the contribution.
Your branch is now included in 'pu'

-- 
/Henrik Nord Erlang/OTP
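
The situation described in the quoted message, a server-sent chain that ends in a self-issued md2WithRSAEncryption certificate, can be spotted before the chain reaches a verifier. The following is an added example, not code from this thread or from OTP: a minimal DER walker in Python whose function names and skeleton sample certificates are constructed for illustration. It compares issuer and subject bytes only and verifies no signature.

```python
MD2_WITH_RSA = "1.2.840.113549.1.1.2"  # OID of md2WithRSAEncryption (PKCS #1)

def read_tlv(buf, pos):  # -> (tag, value, next_pos) of the DER element at pos
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes that follow
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(value):  # split a constructed element's contents into (tag, value) pairs
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def oid_to_str(body):  # assumes a first arc of 0 or 1, which holds for the OIDs here
    arcs, acc = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear marks the last byte of an arc
            arcs, acc = arcs + [acc], 0
    return ".".join(map(str, arcs))

def inspect_cert(der_bytes):  # outer signatureAlgorithm is MD2? issuer == subject?
    tbs, sig_alg, _signature = children(read_tlv(der_bytes, 0)[1])
    fields = children(tbs[1])
    fields = fields[1:] if fields[0][0] == 0xA0 else fields  # skip optional [0] version
    issuer, subject = fields[2][1], fields[4][1]  # they follow serial and signature
    oid = oid_to_str(children(sig_alg[1])[0][1])
    return {"md2": oid == MD2_WITH_RSA, "self_issued": issuer == subject}

def md2_self_issued(chain):  # indices of entries both self-issued and MD2-signed
    reports = [inspect_cert(c) for c in chain]
    return [i for i, r in enumerate(reports) if r["md2"] and r["self_issued"]]

def der(tag, body):  # encoder for the constructed samples (bodies under 128 bytes)
    return bytes([tag, len(body)]) + body

def skeleton(sig_oid, issuer, subject):  # constructed: empty validity/key, dummy signature
    alg = der(0x30, der(0x06, sig_oid) + der(0x05, b""))
    name = lambda cn: der(0x30, der(0x31, der(0x30, der(0x06, b"\x55\x04\x03") + der(0x13, cn))))
    tbs = der(0x30, der(0x02, b"\x01") + alg + name(issuer) + der(0x30, b"") + name(subject) + der(0x30, b""))
    return der(0x30, tbs + alg + der(0x03, b"\x00"))
PKCS1 = bytes.fromhex("2a864886f70d0101")  # DER prefix of 1.2.840.113549.1.1
SAMPLE_CHAIN = [skeleton(PKCS1 + b"\x05", b"Example Intermediate", b"service.example"),
                skeleton(PKCS1 + b"\x05", b"Example Root", b"Example Intermediate"),
                skeleton(PKCS1 + b"\x02", b"Example Root", b"Example Root")]  # MD2, self-issued
```

On the constructed chain, `md2_self_issued(SAMPLE_CHAIN)` reports only the last entry, the position where the quoted message says the provider's bundle carried the root.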