Erlang bugs mailing list ~ Fix crash when decoding commercial certificates
Guest
Posted: Thu Dec 03, 2009 7:33 pm
The Erlang ssl application assumes that it is fully aware of all
existing extensions, that they are in its list of SSL extensions, and
it is able to decode them.

However, since this is not true, commercial certificates containing the
id-pe-logotype extension crash the decoder. This is only one example
of an extension that the ssl application is unaware of.

This patch improves the behaviour by returning the OID tuple and raw
extension data for extensions that cannot be decoded.

    git fetch git://github.com/dotsimon/otp.git ssl_pkix_extensions

The attached bare certificate (i.e. the BEGIN/END CERTIFICATE lines
have been removed) can be used to test the fault and fix as shown:

    {ok, Bin} = file:read_file("server.bare").
    Cert = base64:decode(binary_to_list(Bin)).
    ssl_pkix:decode_cert(Cert,[ssl]).
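The fallback described in the post above, shown as an added Erlang example; it is not the patch from the ssl_pkix_extensions branch and not OTP code. The module name, function names, tuple shapes and sample DER bytes are assumptions, and the critical-flag check goes beyond the post to cover the RFC 5280 rule for unrecognised critical extensions.

```erlang
%% Added example, not OTP code. Module/function names and the sample
%% extension values are constructed for illustration.
-module(ext_fallback).
-export([decode_extensions/1, unknown_critical/1, demo/0]).

-define(ID_CE_KEY_USAGE, {2,5,29,15}).
-define(ID_PE_LOGOTYPE, {1,3,6,1,5,5,7,1,12}).

%% Table of extensions this code understands (only keyUsage here).
decoder(?ID_CE_KEY_USAGE) -> {ok, fun key_usage/1};
decoder(_) -> unknown.

%% keyUsage is a DER BIT STRING: tag 3, length, unused-bit count, bits.
%% Only the first eight usage bits are reported.
key_usage(<<3, Len, Unused, Bits/binary>>)
  when Len =:= byte_size(Bits) + 1, Unused < 8 ->
    <<First:8, _/binary>> = Bits,
    Names = [digitalSignature, nonRepudiation, keyEncipherment,
             dataEncipherment, keyAgreement, keyCertSign, cRLSign,
             encipherOnly],
    [N || {N, Bit} <- lists:zip(Names, lists:seq(7, 0, -1)),
          First band (1 bsl Bit) =/= 0].

%% Each input is {Oid, Critical, Der}. Unknown or malformed extensions
%% come back as {undecoded, Oid, Critical, Der} instead of crashing.
decode_extensions(Exts) ->
    [decode_one(E) || E <- Exts].

decode_one({Oid, Critical, Der}) ->
    case decoder(Oid) of
        {ok, Fun} ->
            try {decoded, Oid, Critical, Fun(Der)}
            catch error:_ -> {undecoded, Oid, Critical, Der}
            end;
        unknown ->
            {undecoded, Oid, Critical, Der}
    end.

%% RFC 5280 section 4.2: a certificate with an unrecognised critical
%% extension must be rejected, so check this before trusting the cert.
unknown_critical(Decoded) ->
    [Oid || {undecoded, Oid, true, _} <- Decoded].

demo() ->
    Exts = [{?ID_CE_KEY_USAGE, true, <<3,2,5,160>>},   % constructed
            {?ID_PE_LOGOTYPE, false, <<48,0>>},        % constructed
            {?ID_CE_KEY_USAGE, true, <<3,1,0>>}],      % malformed
    Decoded = decode_extensions(Exts),
    {Decoded, unknown_critical(Decoded)}.
```

A caller that receives a non-empty list from `unknown_critical/1` should refuse the certificate rather than continue with the raw data.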
Guest
Posted: Thu Dec 03, 2009 8:16 pm
On Thu, Dec 3, 2009 at 8:32 PM, Simon Cornish <zl9d97p02@sneakemail.com> wrote:
> git fetch git://github.com/dotsimon/otp.git ssl_pkix_extensions

Thanks! I have included your branch in 'pu'.

There are two minor things that would be nice to fix:

1. Lines in the commit message are very long, so it is difficult to
read it in gitk.

2. Your email address does not seem to be configured in your git configuration.
Instructions for configuring your user information can now be found
at the beginning of:
http://wiki.github.com/erlang/otp/submitting-patches

If it is OK, I can break the lines in the commit message and replace
that local email address with the email that you have subscribed to this
list with.

--
Björn Gustavsson, Erlang/OTP, Ericsson AB
________________________________________________________________
erlang-bugs mailing list. See http://www.erlang.org/faq.html
erlang-bugs (at) erlang.org
Guest
Posted: Fri Dec 04, 2009 7:41 am
Hmm, you should use the public_key application, though it is rather
undocumented.
The ssl_pkix module should not be used anymore.

Patches on (or documentation of) the public_key application would be great.

I don't know if I like the idea of continuing patching ssl_pkix.erl,
that will lead to more usage of a module we want to phase out.

/Dan
2009/12/3 Bj |
All times are GMT