[erlang-patches] support md2WithRSAEncryption certificates

Henrik Nord <>
Tue Sep 6 15:49:48 CEST 2011

On 08/06/2011 08:47 PM, Christian von Roques wrote:
> I've added support for md2WithRSAEncryption certificates to public_key
> and the necessary support for md2 to crypto:rsa_sign/3 and
> crypto:rsa_verify/4.
> 	git fetch git://github.com/roques/otp.git md2WithRSAEncryption
> I did this to solve the following urgent problem, which others might
> stumble upon in the future as well: One of our service providers
> switched their SSL-certificate.  The new certificate is issued by
> "VeriSign International Server CA - Class 3", which is included in many
> collections of trusted root certificates.  However, to be supported by
> ancient software VeriSign's Class 3 certificate itself is issued by
> VeriSign's "Class 3 Public Primary Certification Authority", which is a
> self-signed md2WithRSAEncryption certificate.  All this would not be a
> problem in itself, our service provider however has bundled his
> certificate with the complete certificate chain up to and *including*
> VeriSign's md2WithRSAEncryption root-certificate.  This mistake causes
> OTP's ssl to try and fail to verify the self-signature of VeriSign's
> root-certificate, because it does not yet know how to check
> md2WithRSAEncryption signatures.
> Attempts to solve the problem via polite requests to our service
> provider not to include VeriSign's root certificate in the certificate
> chain up to now just got "upgrade your Java to a current version"
> replies.  --- I'm not sure if my patch counts as "upgrading Java", but
> it solves the problem :-)
> 	Christian.
> _______________________________________________
> erlang-patches mailing list
> http://erlang.org/mailman/listinfo/erlang-patches

we would like you to correct the following for us to include this branch.

* add documentation for crypto
* add test case for crypto
* Split into two commits (crypto and public_key)


/Henrik Nord Erlang/OTP

More information about the erlang-patches mailing list