bug in SSL-PKIX certificate parser

Fredrik Thulin
Tue Jun 28 21:42:57 CEST 2005


Hi

I've managed to create an invalid certificate that crashes Erlang when 
connecting to it. I was trying to create a certificate that was both a 
client and server, and ended up with a certificate that was neither ;).

Anyways, here is how to make the bug manifest itself, using R10B-6. 
Feel free to connect to the port 5061 at 193.11.25.104 for testing 
purposes. I will leave the server with the invalid certificate there 
during my vacation, so if nothing happens to the server it should be 
there for a few weeks.

$ /pkg/erlang/R10B-6/bin/erl
Erlang (BEAM) emulator version 5.4.8 [source] [hipe]

Eshell V5.4.8  (abort with ^G)
1> application:start(ssl).
ok
2> {ok, S} = ssl:connect("193.11.25.104", 5061, []).
{ok,{sslsocket,4,<0.40.0>}}
3> ssl:peercert(S, [subject, ssl]).

=ERROR REPORT==== 28-Jun-2005::21:37:25 ===
Error in process <0.30.0> with exit value: {{badmatch,{error,{asn1,
{function_clause,[{'SSL-PKIX',getdec_SupportedExtensions,[id,
{2,16,840,1,113730,1,4}]},{'SSL-PKIX',dec_Extension,2},
{'SSL-PKIX',decode,2},{ssl_pkix,transform,1},{lists,map,2},
{ssl_pkix,transform,1},{ssl_pkix,transform,...

** exited: {{badmatch,{error,{asn1,{function_clause,
                                       [{'SSL-PKIX',
                                            getdec_SupportedExtensions,
                                            [id,
{2,16,840,1,113730,1,4}]},
                                        {'SSL-PKIX',dec_Extension,2},
                                        {'SSL-PKIX',decode,2},
                                        {ssl_pkix,transform,1},
                                        {lists,map,2},
                                        {ssl_pkix,transform,1},
                                        {ssl_pkix,transform,1},
                                        {ssl_pkix,decode_cert,2}]}}}},
            [{ssl_pkix,transform,1},
             {lists,map,2},
             {ssl_pkix,transform,1},
             {ssl_pkix,transform,1},
             {ssl_pkix,decode_cert,2},
             {erl_eval,do_apply,5},
             {shell,exprs,6},
             {shell,eval_loop,3}]} **
4> 

/Fredrik
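
Added example, not part of the original post and not OTP's ssl_pkix code: the trace shows function_clause raised in getdec_SupportedExtensions for OID {2,16,840,1,113730,1,4}, which is what an Erlang lookup with one clause per known OID and no fallback does. The sketch below models that lookup next to a total one and applies the X.509 rule that an unrecognized extension is rejected only when it is marked critical. The module name, function names, extension tuple shape and sample values are assumptions made for illustration.

```erlang
%% Added example; hypothetical module, not code from OTP.
-module(ext_dispatch).
-export([decoder_strict/1, decoder_total/1, check/1, demo/0]).

%% OIDs as integer tuples, the form shown in the error report.
-define(KEY_USAGE,         {2,5,29,15}).
-define(BASIC_CONSTRAINTS, {2,5,29,19}).

%% Model of the failing lookup: one clause per known OID, no fallback.
%% Any other OID raises function_clause.
decoder_strict(?KEY_USAGE)         -> key_usage;
decoder_strict(?BASIC_CONSTRAINTS) -> basic_constraints.

%% Total lookup: an unknown OID becomes data instead of an exception.
decoder_total(?KEY_USAGE)             -> {known, key_usage};
decoder_total(?BASIC_CONSTRAINTS)     -> {known, basic_constraints};
decoder_total(Oid) when is_tuple(Oid) -> {unknown, Oid}.

%% Extensions are {Oid, Critical, DerValue} tuples (assumed shape).
%% Unknown and critical     -> reject the certificate.
%% Unknown and not critical -> keep the raw value and continue.
check(Exts) ->
    check(Exts, []).

check([], Acc) ->
    {ok, lists:reverse(Acc)};
check([{Oid, Critical, Value} | Rest], Acc) ->
    case {decoder_total(Oid), Critical} of
        {{known, Name}, _} ->
            check(Rest, [{Name, Value} | Acc]);
        {{unknown, _}, true} ->
            {error, {unsupported_critical_extension, Oid}};
        {{unknown, _}, false} ->
            check(Rest, [{Oid, Value} | Acc])
    end.

%% Runs the three cases; every match below must succeed for demo/0 to return ok.
demo() ->
    Unknown = {2,16,840,1,113730,1,4},        % OID from the error report
    Exts = [{?KEY_USAGE, true, <<3,2,5,160>>},
            {Unknown, false, <<22,0>>}],      % constructed sample values
    {'EXIT', {function_clause, _}} = (catch decoder_strict(Unknown)),
    {ok, [{key_usage, _}, {Unknown, _}]} = check(Exts),
    {error, {unsupported_critical_extension, Unknown}} =
        check([{Unknown, true, <<22,0>>}]),
    ok.
```

Compile with c(ext_dispatch) in the shell and call ext_dispatch:demo().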


