From mcampbell@REDACTED Tue Feb 9 18:14:51 2016
From: mcampbell@REDACTED (Matthew Campbell)
Date: Tue, 9 Feb 2016 11:14:51 -0600
Subject: [erlang-patches] ssl: bug fix: verify cert signature against original cert DER
Message-ID: <630A9335-4674-4D6A-9F19-E271F831C20C@chef.io>

Our Erlang/OTP program calls out to a third-party web service over HTTPS. That web server's certificate includes the `id-ce-keyUsage` extension with typical values for a web server: `digitalSignature` and `keyEncipherment`. However, the bit string representation for this value is encoded in a nonstandard way:

    733:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Key Usage
    738:d=5 hl=2 l= 1 prim: BOOLEAN :255
    741:d=5 hl=2 l= 4 prim: OCTET STRING [HEX DUMP]:030200A0

The `00` byte indicates zero unused bits in the bit-string. Standard encoding has `05` instead, since only bits 1 and 3 are set, leaving 5 trailing zero bits.

This certificate parses just fine in OTP, but because it does not include the necessary fields in its `id-ce-authorityKeyIdentifier` extension the issuer must be looked up in the CertDB. Because OTP encodes the key usages according to standard as hex `030205A0`, the process of re-encoding the certificate when searching for the issuer in the CertDB causes signature verification to fail erroneously, causing our program's client to fail validation of the server's certificate with the alert `unknown_ca`.

My patch provided the original binary DER to the `pkix_verify` function used during the fold over the CertDB, avoiding false negatives due to differences between DER encoding implementations of OTP and other platforms.

PR submitted at https://github.com/erlang/otp/pull/958

git fetch git://github.com/xenolinguist/otp.git mc/ssl_patch

https://github.com/erlang/otp/compare/maint...xenolinguist:mc/ssl_patch
https://github.com/erlang/otp/compare/maint...xenolinguist:mc/ssl_patch.patch
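
Added example, not part of the original message and not code from the OTP patch: a Python sketch of why decoding and re-encoding the `030200A0` key usage value changes the bytes a signature covers even though the decoded key usages are identical. All function names are hypothetical, the filler bytes around the extension are constructed, and a SHA-256 digest stands in for the full signature check.

```python
import hashlib

# Named bits of the KeyUsage extension (RFC 5280, section 4.2.1.3), bit 0 first.
KEY_USAGE = ["digitalSignature", "nonRepudiation", "keyEncipherment",
             "dataEncipherment", "keyAgreement", "keyCertSign", "cRLSign",
             "encipherOnly", "decipherOnly"]

def decode_bit_string(tlv):
    """Parse a primitive BIT STRING TLV with a short-form length."""
    if len(tlv) < 3 or tlv[0] != 0x03 or tlv[1] >= 0x80 or tlv[1] != len(tlv) - 2:
        raise ValueError("not a short-form BIT STRING TLV")
    unused, payload = tlv[2], tlv[3:]
    if unused > 7 or (not payload and unused) or (payload and payload[-1] & ((1 << unused) - 1)):
        raise ValueError("invalid unused-bits octet")
    return unused, payload

def key_usages(tlv):
    """Names of the bits that are set, ignoring the declared unused bits."""
    unused, payload = decode_bit_string(tlv)
    nbits = len(payload) * 8 - unused
    return [name for i, name in enumerate(KEY_USAGE)
            if i < nbits and payload[i // 8] & (0x80 >> (i % 8))]

def encode_named_bits_der(payload):
    """DER form of a named-bit list: trailing zero bits removed (X.690 11.2.2)."""
    payload = payload.rstrip(b"\x00")
    if not payload:
        return b"\x03\x01\x00"
    last = payload[-1]
    unused = (last & -last).bit_length() - 1  # trailing zero bits in last octet
    return bytes([0x03, len(payload) + 1, unused]) + payload

def reencode(tlv):
    """Decode then re-encode, as code that keeps only the decoded value would."""
    _, payload = decode_bit_string(tlv)
    return encode_named_bits_der(payload)

def signed_digest(tbs):
    """Stand-in for the hash a certificate signature covers (assumed SHA-256)."""
    return hashlib.sha256(tbs).hexdigest()

# Constructed sample: the KeyUsage value from the message, wrapped in filler
# bytes that stand in for the rest of the signed certificate body.
ORIGINAL_EXT = bytes.fromhex("030200A0")
ORIGINAL_TBS = b"constructed-tbs-prefix" + ORIGINAL_EXT + b"constructed-tbs-suffix"
REENCODED_TBS = ORIGINAL_TBS.replace(ORIGINAL_EXT, reencode(ORIGINAL_EXT))

if __name__ == "__main__":
    print(reencode(ORIGINAL_EXT).hex(), signed_digest(ORIGINAL_TBS) == signed_digest(REENCODED_TBS))
```

Verifying against the bytes as received, rather than against a re-encoding of the parsed structure, keeps the digest stable for certificates like this one.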