author | Ingela Anderton Andin <[email protected]> | 2016-06-28 18:50:09 +0200 |
---|---|---|
committer | Ingela Anderton Andin <[email protected]> | 2016-07-08 14:26:57 +0200 |
commit | d7dcfb26c0b044015ac9acd688b4f7e2b57e00ea (patch) | |
tree | c01417b5ddd25753a2b2c625f7116f23bc4784d4 /lib/ssl/src/ssl_connection.erl | |
parent | d24b133c5c48949048dc20c8a34b98b604a7bbc1 (diff) | |
ssl: Correct handling of signature algorithm selection
In TLS-1.2 the selection of the server's algorithms and the
possible selection of algorithms for the client certificate verify
message have different requirements.
Diffstat (limited to 'lib/ssl/src/ssl_connection.erl')
-rw-r--r-- | lib/ssl/src/ssl_connection.erl | 7 |
1 files changed, 3 insertions, 4 deletions
diff --git a/lib/ssl/src/ssl_connection.erl b/lib/ssl/src/ssl_connection.erl
index 53282998d0..adee59393e 100644
--- a/lib/ssl/src/ssl_connection.erl
+++ b/lib/ssl/src/ssl_connection.erl
@@ -528,13 +528,12 @@ certify(internal, #server_key_exchange{exchange_keys = Keys},
 end
 end;
 
-certify(internal, #certificate_request{hashsign_algorithms = HashSigns},
+certify(internal, #certificate_request{} = CertRequest,
 #state{session = #session{own_certificate = Cert},
- key_algorithm = KeyExAlg,
+ role = client,
 ssl_options = #ssl_options{signature_algs = SupportedHashSigns},
 negotiated_version = Version} = State0, Connection) ->
-
- case ssl_handshake:select_hashsign(HashSigns, Cert, KeyExAlg, SupportedHashSigns, Version) of
+ case ssl_handshake:select_hashsign(CertRequest, Cert, SupportedHashSigns, Version) of
 #alert {} = Alert ->
 Connection:handle_own_alert(Alert, Version, certify, State0);
 NegotiatedHashSign -> |
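Review bot: The new `role = client` match in the `#certificate_request{}` clause head is undocumented, and what happens to a CertificateRequest received in the server role now depends on `certify` clauses outside this hunk. With the narrower head such a message no longer reaches `ssl_handshake:select_hashsign/4`; presumably it falls through to a later clause, and it is worth confirming with a test that this ends in an alert to the peer rather than a `function_clause` crash. A one-line comment above the clause would record the intent, e.g. `%% Client only: choose the hash/sign pair for CertificateVerify from the CertificateRequest, our own cert and signature_algs`. The clause body continues past the end of the hunk, so how `NegotiatedHashSign` is used is not visible here.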