author | Ingela Anderton Andin <[email protected]> | 2018-07-17 14:23:47 +0200 |
---|---|---|
committer | Ingela Anderton Andin <[email protected]> | 2018-07-17 14:41:20 +0200 |
commit | dcd0547dd2e1a78f89dced3ca5918ae539b11de3 (patch) | |
tree | 64f276eac4c209c384f91620aa0b08a2a9a34853 | |
parent | 857156bcadae45fe112911bd7ca735ac6f3ca9d2 (diff) | |
ssl: Engine key trumps certfile option
-rw-r--r-- | lib/ssl/src/ssl_config.erl | 6 | ||||
-rw-r--r-- | lib/ssl/test/ssl_engine_SUITE.erl | 15 |
2 files changed, 18 insertions, 3 deletions
diff --git a/lib/ssl/src/ssl_config.erl b/lib/ssl/src/ssl_config.erl
index 022fb7eac0..81b18c15af 100644
--- a/lib/ssl/src/ssl_config.erl
+++ b/lib/ssl/src/ssl_config.erl
@@ -91,9 +91,9 @@ init_certificates(undefined, #{pem_cache := PemCache} = Config, CertFile, server
 end;
 init_certificates(Cert, Config, _, _) ->
 {ok, Config#{own_certificate => Cert}}.
-init_private_key(_, #{algorithm := Alg} = Key, <<>>, _Password, _Client) when Alg == ecdsa;
- Alg == rsa;
- Alg == dss ->
+init_private_key(_, #{algorithm := Alg} = Key, _, _Password, _Client) when Alg == ecdsa;
+ Alg == rsa;
+ Alg == dss ->
 case maps:is_key(engine, Key) andalso maps:is_key(key_id, Key) of
 true ->
 Key;
diff --git a/lib/ssl/test/ssl_engine_SUITE.erl b/lib/ssl/test/ssl_engine_SUITE.erl
index 71891356e8..8025e4e0ed 100644
--- a/lib/ssl/test/ssl_engine_SUITE.erl
+++ b/lib/ssl/test/ssl_engine_SUITE.erl
@@ -117,8 +117,23 @@ private_key(Config) when is_list(Config) ->
 EngineServerConf = [{key, #{algorithm => rsa,
 engine => Engine,
 key_id => ServerKey}} |
 proplists:delete(key, ServerConf)],
+
+ EngineFileClientConf = [{key, #{algorithm => rsa,
+ engine => Engine,
+ key_id => ClientKey}} |
+ proplists:delete(keyfile, FileClientConf)],
+
+ EngineFileServerConf = [{key, #{algorithm => rsa,
+ engine => Engine,
+ key_id => ServerKey}} |
+ proplists:delete(keyfile, FileServerConf)],
+
 %% Test with engine
 test_tls_connection(EngineServerConf, EngineClientConf, Config),
+
+ %% Test with engine and present file arugments
+ test_tls_connection(EngineFileServerConf, EngineFileClientConf, Config),
+
 %% Test that sofware fallback is available
 test_tls_connection(ServerConf, [{reuse_sessions, false} |ClientConf], Config). |
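Review bot: With the third argument of this `init_private_key` clause widened from `<<>>` to `_`, a key map that has `algorithm` but lacks `engine` or `key_id` now lands here even when a key file is configured, where before it skipped this clause. The `false` branch of the `case` lies outside the hunk, so it is worth confirming that it rejects such a map with a clear error rather than continuing without a usable key. The precedence is also silent, since the key file and `_Password` are ignored without any trace; a comment above the clause such as `%% A key map with engine and key_id takes precedence over any key file; the file and its password are not read` would help, and the same rule belongs in the ssl option documentation.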
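Review bot: The new case removes `keyfile` from `FileClientConf` and `FileServerConf`, so it appears to exercise only the path where the key file is implied by the remaining file options; an explicit `keyfile` supplied next to an engine `key` is not covered. Both configurations are built outside the hunk, so this is inferred from the `proplists:delete(keyfile, ...)` calls. Consider a further case that keeps `keyfile` in the list and, if the engine and file keys are the same material, one where the file holds a different key, because a successful handshake alone does not show which key was used. The comment `%% Test with engine and present file arugments` has a typo (`arguments`).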