bug in SSL-PKIX certificate parser
Fredrik Thulin
ft@REDACTED
Tue Jun 28 21:42:57 CEST 2005
Hi
I've managed to create an invalid certificate that crashes Erlang when
connecting to it. I was trying to create a certificate that was both a
client and server, and ended up with a certificate that was neither ;).
Anyways, here is how to make the bug manifest itself, using R10B-6.
Feel free to connect to the port 5061 at 193.11.25.104 for testing
purposes. I will leave the server with the invalid certificate there
under my vacation, so if nothing happens to the server it should be
there for a few weeks.
$ /pkg/erlang/R10B-6/bin/erl
Erlang (BEAM) emulator version 5.4.8 [source] [hipe]
Eshell V5.4.8 (abort with ^G)
1> application:start(ssl).
ok
2> {ok, S} = ssl:connect("193.11.25.104", 5061, []).
{ok,{sslsocket,4,<0.40.0>}}
3> ssl:peercert(S, [subject, ssl]).
=ERROR REPORT==== 28-Jun-2005::21:37:25 ===
Error in process <0.30.0> with exit value: {{badmatch,{error,{asn1,
{function_clause,[{'SSL-PKIX',getdec_SupportedExtensions,[id,
{2,16,840,1,113730,1,4}]},{'SSL-PKIX',dec_Extension,2},
{'SSL-PKIX',decode,2},{ssl_pkix,transform,1},{lists,map,2},
{ssl_pkix,transform,1},{ssl_pkix,transform,...
** exited: {{badmatch,{error,{asn1,{function_clause,
[{'SSL-PKIX',
getdec_SupportedExtensions,
[id,
{2,16,840,1,113730,1,4}]},
{'SSL-PKIX',dec_Extension,2},
{'SSL-PKIX',decode,2},
{ssl_pkix,transform,1},
{lists,map,2},
{ssl_pkix,transform,1},
{ssl_pkix,transform,1},
{ssl_pkix,decode_cert,2}]}}}},
[{ssl_pkix,transform,1},
{lists,map,2},
{ssl_pkix,transform,1},
{ssl_pkix,transform,1},
{ssl_pkix,decode_cert,2},
{erl_eval,do_apply,5},
{shell,exprs,6},
{shell,eval_loop,3}]} **
4>
/Fredrik
More information about the erlang-questions
mailing list