diff options
author | Ingela Anderton Andin <[email protected]> | 2017-08-14 09:52:26 +0200 |
---|---|---|
committer | Ingela Anderton Andin <[email protected]> | 2017-08-23 08:53:56 +0200 |
commit | 7e3d979418747e30e55274c6b5ea805625e19dc4 (patch) | |
tree | 0d216bee26db0adf98b2f015e8e755d13372d845 /lib/ssl/src/ssl_connection.erl | |
parent | eb4ef92b083f9874b5b4db1f1060585fbb653779 (diff) | |
download | otp-7e3d979418747e30e55274c6b5ea805625e19dc4.tar.gz otp-7e3d979418747e30e55274c6b5ea805625e19dc4.tar.bz2 otp-7e3d979418747e30e55274c6b5ea805625e19dc4.zip |
ssl: negotiated_hashsign/4 expects TLS version to function correctly
Only DTLS specific code deals with DTLS version, when common code
is used the DTLS version should be converted to the corresponding TLS version.
Diffstat (limited to 'lib/ssl/src/ssl_connection.erl')
-rw-r--r-- | lib/ssl/src/ssl_connection.erl | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/lib/ssl/src/ssl_connection.erl b/lib/ssl/src/ssl_connection.erl index 1afc4ad2af..5cd66387ae 100644 --- a/lib/ssl/src/ssl_connection.erl +++ b/lib/ssl/src/ssl_connection.erl @@ -673,10 +673,11 @@ cipher(internal, #certificate_verify{signature = Signature, tls_handshake_history = Handshake } = State0, Connection) -> + TLSVersion = ssl:tls_version(Version), %% Use negotiated value if TLS-1.2 otherwhise return default - HashSign = negotiated_hashsign(CertHashSign, KexAlg, PublicKeyInfo, Version), + HashSign = negotiated_hashsign(CertHashSign, KexAlg, PublicKeyInfo, TLSVersion), case ssl_handshake:certificate_verify(Signature, PublicKeyInfo, - ssl:tls_version(Version), HashSign, MasterSecret, Handshake) of + TLSVersion, HashSign, MasterSecret, Handshake) of valid -> {Record, State} = Connection:next_record(State0), Connection:next_event(cipher, Record, |