authorAndreas Schultz <[email protected]>2012-09-20 14:42:40 +0200
committerIngela Anderton Andin <[email protected]>2013-03-28 11:29:37 +0100
commit52a70455853d625f8e92c1c5e7f22b6f75adff63 (patch)
tree29f803f99ae03b3dfea8795c8d5909c735878c11 /lib/ssl/src/ssl.erl
parentd8144ef38f7e18230349100bbdee1da4c723fd94 (diff)
SSL: add TLS-SRP (RFC 5054) cipher suites
Diffstat (limited to 'lib/ssl/src/ssl.erl')
-rw-r--r--lib/ssl/src/ssl.erl13
1 files changed, 11 insertions, 2 deletions
diff --git a/lib/ssl/src/ssl.erl b/lib/ssl/src/ssl.erl
index 0381f81edd..d5f5fa6b04 100644
--- a/lib/ssl/src/ssl.erl
+++ b/lib/ssl/src/ssl.erl
@@ -37,6 +37,7 @@
-include("ssl_record.hrl").
-include("ssl_cipher.hrl").
-include("ssl_handshake.hrl").
+-include("ssl_srp_primes.hrl").
-include_lib("public_key/include/public_key.hrl").
@@ -67,6 +68,7 @@
{cacertfile, path()} | {dh, Der::binary()} | {dhfile, path()} |
{user_lookup_fun, {fun(), InitialUserState::term()}} |
{psk_identity, string()} |
+ {srp_identity, {string(), string()}} |
{ciphers, ciphers()} | {ssl_imp, ssl_imp()} | {reuse_sessions, boolean()} |
{reuse_session, fun()} | {hibernate_after, integer()|undefined} |
{next_protocols_advertised, list(binary())} |
@@ -639,6 +641,7 @@ handle_options(Opts0, _Role) ->
dhfile = handle_option(dhfile, Opts, undefined),
user_lookup_fun = handle_option(user_lookup_fun, Opts, undefined),
psk_identity = handle_option(psk_identity, Opts, undefined),
+ srp_identity = handle_option(srp_identity, Opts, undefined),
ciphers = handle_option(ciphers, Opts, []),
%% Server side option
reuse_session = handle_option(reuse_session, Opts, ReuseSessionFun),
@@ -659,7 +662,7 @@ handle_options(Opts0, _Role) ->
fail_if_no_peer_cert, verify_client_once,
depth, cert, certfile, key, keyfile,
password, cacerts, cacertfile, dh, dhfile,
- user_lookup_fun, psk_identity, ciphers,
+ user_lookup_fun, psk_identity, srp_identity, ciphers,
reuse_session, reuse_sessions, ssl_imp,
cb_info, renegotiate_at, secure_renegotiate, hibernate_after,
erl_dist, next_protocols_advertised,
@@ -770,6 +773,11 @@ validate_option(user_lookup_fun, undefined) ->
undefined;
validate_option(user_lookup_fun, {Fun, _} = Value) when is_function(Fun, 3) ->
Value;
+validate_option(srp_identity, undefined) ->
+ undefined;
+validate_option(srp_identity, {Username, Password})
+ when is_list(Username), is_list(Password), Username =/= "", length(Username) =< 255 ->
+ {list_to_binary(Username), list_to_binary(Password)};
validate_option(ciphers, Value) when is_list(Value) ->
Version = ssl_record:highest_protocol_version([]),
try cipher_suites(Version, Value)
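Review bot: The `length(Username) =< 255` guard in the new `validate_option(srp_identity, ...)` clause counts top-level list elements, not the bytes that `list_to_binary/1` produces, so a nested list of strings passes the guard and can yield a user name longer than the 255 bytes that the one-byte length prefix of RFC 5054's `srp_I` field can carry. A list holding code points above 255 also satisfies `is_list/1` and then makes `list_to_binary/1` raise `badarg` instead of being rejected as a bad option. I would convert first and bound `byte_size/1` of the result, as sketched below; whether callers pass Unicode code points or already-encoded bytes is not visible here, so the choice of `unicode:characters_to_binary/1` needs confirming. The rejection path should not echo the tuple, since it carries the password; the error term in the sketch is an assumption about the module's convention.

```erlang
validate_option(srp_identity, {Username, Password})
  when is_list(Username), is_list(Password) ->
    UserBin = unicode:characters_to_binary(Username),
    PassBin = unicode:characters_to_binary(Password),
    %% characters_to_binary/1 returns an error/incomplete tuple on invalid
    %% input, so is_binary/1 doubles as the encoding check.
    case is_binary(UserBin) andalso is_binary(PassBin)
        andalso byte_size(UserBin) >= 1 andalso byte_size(UserBin) =< 255 of
        true ->
            {UserBin, PassBin};
        false ->
            %% error shape assumed; deliberately omits the credential value
            throw({error, {eoptions, srp_identity}})
    end;
%% … unchanged: validate_option(ciphers, Value) clause …
```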
@@ -942,7 +950,8 @@ cipher_suites(Version, [{_,_,_}| _] = Ciphers0) ->
cipher_suites(Version, [Cipher0 | _] = Ciphers0) when is_binary(Cipher0) ->
Supported = ssl_cipher:suites(Version)
++ ssl_cipher:anonymous_suites()
- ++ ssl_cipher:psk_suites(Version),
+ ++ ssl_cipher:psk_suites(Version)
+ ++ ssl_cipher:srp_suites(),
case [Cipher || Cipher <- Ciphers0, lists:member(Cipher, Supported)] of
[] ->
Supported;
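Review bot: With `ssl_cipher:srp_suites()` appended to `Supported`, the `[] -> Supported` branch just below now returns the SRP suites as well as the anonymous and PSK ones whenever none of the binaries the caller passed is recognised. `Supported` serves both as the allow-list for the membership filter and as the fallback, so a misspelt or outdated `ciphers` value silently widens the offer to suites the caller never asked for. I would keep the wide list for the `lists:member/2` test only and make the empty case fall back to the default set, `[] -> ssl_cipher:suites(Version);`. The `case` expression continues past the end of this hunk, so its remaining branch is not visible here.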