From 1df633b6c91de483425b059daadf84984b2f49c2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?P=C3=A9ter=20Dimitrov?=
Date: Wed, 19 Jun 2019 10:11:20 +0200
Subject: ssl: Backport fix for signature_algorithms_cert

This commit fixes interoperability problems with openssl when the TLS 1.3 server is using the option signature_algs_cert. In such cases the signature_algorithms_cert extension was encoded as a signature_algorithms extension and openssl s_client returned an Illegal Parameter Alert due to its filtering of extension duplicates.
---
 lib/ssl/src/tls_handshake_1_3.erl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/ssl/src/tls_handshake_1_3.erl b/lib/ssl/src/tls_handshake_1_3.erl
index 8a4ad922e1..e83b3f63bb 100644
--- a/lib/ssl/src/tls_handshake_1_3.erl
+++ b/lib/ssl/src/tls_handshake_1_3.erl
@@ -111,7 +111,7 @@ add_signature_algorithms_cert(Extensions, undefined) ->
 Extensions;
 add_signature_algorithms_cert(Extensions, SignAlgsCert) ->
 Extensions#{signature_algorithms_cert =>
- #signature_algorithms{signature_scheme_list = SignAlgsCert}}.
+ #signature_algorithms_cert{signature_scheme_list = SignAlgsCert}}.
 
 filter_tls13_algs(undefined) ->
 undefined;
--
cgit v1.2.3
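Review bot: Nothing in the second clause of add_signature_algorithms_cert/2 ties the map key to the record tag, and the commit adds no test that would catch the two drifting apart again (the diffstat shows only the source file changed). Both records expose a `signature_scheme_list` field, so the wrong tag compiled cleanly and only surfaced when the peer rejected the handshake over a duplicate extension. I would add a one-line comment above the record construction, for example `%% Tag must be #signature_algorithms_cert{}; with #signature_algorithms{} the value goes out as a second signature_algorithms extension.` A regression test would also help: build the extensions with signature_algs_cert set and assert that the encoded handshake carries one signature_algorithms and one signature_algorithms_cert extension. The first clause head of the function appears only in the hunk header, so the function starts outside the hunk.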