Merge branch 'ingela/ssl/handshake-handling/ERL-968/OTP-15879' into maint-21

* ingela/ssl/handshake-handling/ERL-968/OTP-15879: ssl: Correct handshake handling
author: Erlang/OTP <otp@erlang.org> 2019-06-17 16:50:19 +0200
committer: Erlang/OTP <otp@erlang.org> 2019-06-17 16:50:19 +0200
commit: 66ae1e444e2442bfa57e01d8c7b4005a8d69eb4e (patch)
tree: 90a385af644b4c6df57032d36de27993fef9dffe
parent: e922c52f274e63295c3adeb0ebc650bb695f828b (diff)
parent: faaf5bb3085d351715672684c6f6f9601ad1208a (diff)
download: erlang-66ae1e444e2442bfa57e01d8c7b4005a8d69eb4e.tar.gz
3 files changed, 42 insertions, 4 deletions
diff --git a/lib/ssl/src/ssl_handshake.erl b/lib/ssl/src/ssl_handshake.erl
index 9e7f6851c9..dea78a876f 100644
--- a/lib/ssl/src/ssl_handshake.erl
+++ b/lib/ssl/src/ssl_handshake.erl
@@ -357,7 +357,7 @@ certify(#certificate{asn1_certificates = ASN1Certs}, CertDbHandle, CertDbRef,
                                              CertDbHandle, CertDbRef)
 	end
     catch
-	error:{badmatch,{asn1, Asn1Reason}} ->
+	error:{badmatch,{error, {asn1, Asn1Reason}}} ->
 	    %% ASN-1 decode of certificate somehow failed
             ?ALERT_REC(?FATAL, ?CERTIFICATE_UNKNOWN, {failed_to_decode_certificate, Asn1Reason});
         error:OtherReason ->
diff --git a/lib/ssl/src/tls_connection.erl b/lib/ssl/src/tls_connection.erl
index b88c7292a7..ae05a1f873 100644
--- a/lib/ssl/src/tls_connection.erl
+++ b/lib/ssl/src/tls_connection.erl
@@ -290,8 +290,7 @@ handle_protocol_record(#ssl_tls{type = ?HANDSHAKE, fragment = Data},
                     _ ->
                         HsEnv = State#state.handshake_env,
                         {next_state, StateName, 
-                         State#state{protocol_buffers = Buffers,
-                                     handshake_env = 
+                         State#state{handshake_env = 
                                          HsEnv#handshake_env{unprocessed_handshake_events 
                                                              = unprocessed_events(Events)}}, Events}
                 end
diff --git a/lib/ssl/test/ssl_certificate_verify_SUITE.erl b/lib/ssl/test/ssl_certificate_verify_SUITE.erl
index e89104a999..653a8d58bd 100644
--- a/lib/ssl/test/ssl_certificate_verify_SUITE.erl
+++ b/lib/ssl/test/ssl_certificate_verify_SUITE.erl
@@ -89,7 +89,8 @@ tests() ->
      critical_extension_verify_server,
      critical_extension_verify_none,
      customize_hostname_check,
-     incomplete_chain
+     incomplete_chain,
+     long_chain
     ].
 
 error_handling_tests()->
@@ -1156,6 +1157,44 @@ incomplete_chain(Config) when is_list(Config) ->
     ssl_test_lib:close(Server),
     ssl_test_lib:close(Client).
 
+long_chain() ->
+    [{doc,"Test option verify_peer"}].
+long_chain(Config) when is_list(Config) ->      
+    #{server_config := ServerConf,
+      client_config := ClientConf} = public_key:pkix_test_data(#{server_chain => #{root => [{key, ssl_test_lib:hardcode_rsa_key(1)}],
+                                                                                  intermediates => [[{key, ssl_test_lib:hardcode_rsa_key(2)}], 
+                                                                                                    [{key, ssl_test_lib:hardcode_rsa_key(3)}],
+                                                                                                    [{key, ssl_test_lib:hardcode_rsa_key(4)}]],
+                                                                                  peer => [{key, ssl_test_lib:hardcode_rsa_key(5)}]},
+                                                                 client_chain => #{root => [{key, ssl_test_lib:hardcode_rsa_key(3)}], 
+                                                                                  intermediates => [[{key, ssl_test_lib:hardcode_rsa_key(2)}]],
+                                                                                  peer => [{key, ssl_test_lib:hardcode_rsa_key(1)}]}}), 
+    [ServerRoot| _] = ServerCas = proplists:get_value(cacerts, ServerConf),
+    ClientCas = proplists:get_value(cacerts, ClientConf),
+    
+    Active = proplists:get_value(active, Config),
+    ReceiveFunction =  proplists:get_value(receive_function, Config),
+    {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
+    Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
+					{from, self()},
+                                        {mfa, {ssl_test_lib, ReceiveFunction, []}},
+                                        {options, [{active, Active}, {verify, verify_peer},
+                                                   {cacerts, [ServerRoot]} |  
+                                                   proplists:delete(cacerts, ServerConf)]}]),
+    Port  = ssl_test_lib:inet_port(Server),
+    Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
+					{host, Hostname},
+                                        {from, self()},
+                                        {mfa, {ssl_test_lib, ReceiveFunction, []}},
+                                        {options, [{active, Active}, 
+                                                   {verify, verify_peer},
+                                                   {depth, 5},
+                                                   {cacerts,  ServerCas ++ ClientCas} | 
+                                                   proplists:delete(cacerts, ClientConf)]}]),
+    ssl_test_lib:check_result(Server, ok, Client, ok),
+    ssl_test_lib:close(Server),
+    ssl_test_lib:close(Client).
+
 
 %%--------------------------------------------------------------------
 %% Internal functions ------------------------------------------------
author	Erlang/OTP <otp@erlang.org>	2019-06-17 16:50:19 +0200
committer	Erlang/OTP <otp@erlang.org>	2019-06-17 16:50:19 +0200
commit	66ae1e444e2442bfa57e01d8c7b4005a8d69eb4e (patch)
tree	90a385af644b4c6df57032d36de27993fef9dffe
parent	e922c52f274e63295c3adeb0ebc650bb695f828b (diff)
parent	faaf5bb3085d351715672684c6f6f9601ad1208a (diff)
download	erlang-66ae1e444e2442bfa57e01d8c7b4005a8d69eb4e.tar.gz