author | Ingela Anderton Andin <[email protected]> | 2017-08-14 09:52:26 +0200 |
---|---|---|
committer | Ingela Anderton Andin <[email protected]> | 2017-08-23 08:53:56 +0200 |
commit | 7e3d979418747e30e55274c6b5ea805625e19dc4 (patch) | |
tree | 0d216bee26db0adf98b2f015e8e755d13372d845 | |
parent | eb4ef92b083f9874b5b4db1f1060585fbb653779 (diff) | |
ssl: negotiated_hashsign/4 expects TLS version to function correctly
Only DTLS-specific code deals with the DTLS version; when common code
is used, the DTLS version should be converted to the corresponding TLS version.
-rw-r--r-- | lib/ssl/src/ssl_connection.erl | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/lib/ssl/src/ssl_connection.erl b/lib/ssl/src/ssl_connection.erl
index 1afc4ad2af..5cd66387ae 100644
--- a/lib/ssl/src/ssl_connection.erl
+++ b/lib/ssl/src/ssl_connection.erl
@@ -673,10 +673,11 @@ cipher(internal, #certificate_verify{signature = Signature,
 tls_handshake_history = Handshake
 } = State0, Connection) ->
+ TLSVersion = ssl:tls_version(Version),
 %% Use negotiated value if TLS-1.2 otherwhise return default
- HashSign = negotiated_hashsign(CertHashSign, KexAlg, PublicKeyInfo, Version),
+ HashSign = negotiated_hashsign(CertHashSign, KexAlg, PublicKeyInfo, TLSVersion),
 case ssl_handshake:certificate_verify(Signature, PublicKeyInfo,
- ssl:tls_version(Version), HashSign, MasterSecret, Handshake) of
+ TLSVersion, HashSign, MasterSecret, Handshake) of
 valid ->
 {Record, State} = Connection:next_record(State0),
 Connection:next_event(cipher, Record, |
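Review bot: The new `TLSVersion = ssl:tls_version(Version),` line has no comment saying why the conversion is needed, and the existing comment below it still reads as if `Version` were always a TLS version. Since `HashSign` selects the algorithm used to check the peer's CertificateVerify signature, I would record the invariant at the binding, e.g. `%% Common code compares against TLS version tuples; map a DTLS version to its TLS equivalent before use`, and fix the "otherwhise" typo in the same pass. The commit adds no test here, so a DTLS handshake case with client certificate verification would pin this behaviour. Other common-code callers of `negotiated_hashsign/4` may need the same conversion, but they are not visible on this page, and this `cipher/3` clause itself begins and ends outside the hunk.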