diff options
author | Andreas Schultz <[email protected]> | 2012-09-20 14:42:40 +0200 |
---|---|---|
committer | Ingela Anderton Andin <[email protected]> | 2013-03-28 11:29:37 +0100 |
commit | 52a70455853d625f8e92c1c5e7f22b6f75adff63 (patch) | |
tree | 29f803f99ae03b3dfea8795c8d5909c735878c11 /lib/ssl/src/ssl.erl | |
parent | d8144ef38f7e18230349100bbdee1da4c723fd94 (diff) | |
download | otp-52a70455853d625f8e92c1c5e7f22b6f75adff63.tar.gz otp-52a70455853d625f8e92c1c5e7f22b6f75adff63.tar.bz2 otp-52a70455853d625f8e92c1c5e7f22b6f75adff63.zip |
SSL: add TLS-SRP (RFC 5054) cipher suites
Diffstat (limited to 'lib/ssl/src/ssl.erl')
-rw-r--r-- | lib/ssl/src/ssl.erl | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/lib/ssl/src/ssl.erl b/lib/ssl/src/ssl.erl index 0381f81edd..d5f5fa6b04 100644 --- a/lib/ssl/src/ssl.erl +++ b/lib/ssl/src/ssl.erl @@ -37,6 +37,7 @@ -include("ssl_record.hrl"). -include("ssl_cipher.hrl"). -include("ssl_handshake.hrl"). +-include("ssl_srp_primes.hrl"). -include_lib("public_key/include/public_key.hrl"). @@ -67,6 +68,7 @@ {cacertfile, path()} | {dh, Der::binary()} | {dhfile, path()} | {user_lookup_fun, {fun(), InitialUserState::term()}} | {psk_identity, string()} | + {srp_identity, {string(), string()}} | {ciphers, ciphers()} | {ssl_imp, ssl_imp()} | {reuse_sessions, boolean()} | {reuse_session, fun()} | {hibernate_after, integer()|undefined} | {next_protocols_advertised, list(binary())} | @@ -639,6 +641,7 @@ handle_options(Opts0, _Role) -> dhfile = handle_option(dhfile, Opts, undefined), user_lookup_fun = handle_option(user_lookup_fun, Opts, undefined), psk_identity = handle_option(psk_identity, Opts, undefined), + srp_identity = handle_option(srp_identity, Opts, undefined), ciphers = handle_option(ciphers, Opts, []), %% Server side option reuse_session = handle_option(reuse_session, Opts, ReuseSessionFun), @@ -659,7 +662,7 @@ handle_options(Opts0, _Role) -> fail_if_no_peer_cert, verify_client_once, depth, cert, certfile, key, keyfile, password, cacerts, cacertfile, dh, dhfile, - user_lookup_fun, psk_identity, ciphers, + user_lookup_fun, psk_identity, srp_identity, ciphers, reuse_session, reuse_sessions, ssl_imp, cb_info, renegotiate_at, secure_renegotiate, hibernate_after, erl_dist, next_protocols_advertised, @@ -770,6 +773,11 @@ validate_option(user_lookup_fun, undefined) -> undefined; validate_option(user_lookup_fun, {Fun, _} = Value) when is_function(Fun, 3) -> Value; +validate_option(srp_identity, undefined) -> + undefined; +validate_option(srp_identity, {Username, Password}) + when is_list(Username), is_list(Password), Username =/= "", length(Username) =< 255 -> + {list_to_binary(Username), list_to_binary(Password)}; validate_option(ciphers, Value) when is_list(Value) -> Version = ssl_record:highest_protocol_version([]), try cipher_suites(Version, Value) @@ -942,7 +950,8 @@ cipher_suites(Version, [{_,_,_}| _] = Ciphers0) -> cipher_suites(Version, [Cipher0 | _] = Ciphers0) when is_binary(Cipher0) -> Supported = ssl_cipher:suites(Version) ++ ssl_cipher:anonymous_suites() - ++ ssl_cipher:psk_suites(Version), + ++ ssl_cipher:psk_suites(Version) + ++ ssl_cipher:srp_suites(), case [Cipher || Cipher <- Ciphers0, lists:member(Cipher, Supported)] of [] -> Supported; |