diff options
author | John Högberg <[email protected]> | 2018-05-03 08:13:19 +0200 |
---|---|---|
committer | John Högberg <[email protected]> | 2018-05-03 08:13:19 +0200 |
commit | 26eea10dda1f316045e58e30a126feafe1843d3a (patch) | |
tree | 2908bab3b070a1e1c767c6fa038520f41834c6b8 /lib/ssl/src/ssl_connection.erl | |
parent | 0de7634ca20ff7d8dec143b92130cd04025557fc (diff) | |
parent | b5b627ded69445c06e8fbe34cda3421854c5582e (diff) | |
download | otp-26eea10dda1f316045e58e30a126feafe1843d3a.tar.gz otp-26eea10dda1f316045e58e30a126feafe1843d3a.tar.bz2 otp-26eea10dda1f316045e58e30a126feafe1843d3a.zip |
Merge branch 'maint-20' into maint
* maint-20:
Updated OTP version
Update release notes
Update version numbers
ssl: Prepare for release
ssl: Proper handling of clients that choose to send an empty answer to a certificate request
heart: Use ntohs instead of manual conversion
Diffstat (limited to 'lib/ssl/src/ssl_connection.erl')
-rw-r--r-- | lib/ssl/src/ssl_connection.erl | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/lib/ssl/src/ssl_connection.erl b/lib/ssl/src/ssl_connection.erl index 63fae78195..64ecc29b97 100644 --- a/lib/ssl/src/ssl_connection.erl +++ b/lib/ssl/src/ssl_connection.erl @@ -709,6 +709,22 @@ certify(internal, #server_key_exchange{exchange_keys = Keys}, Version, ?FUNCTION_NAME, State) end end; +certify(internal, #certificate_request{}, + #state{role = client, negotiated_version = Version, + key_algorithm = Alg} = State, _) + when Alg == dh_anon; Alg == ecdh_anon; + Alg == psk; Alg == dhe_psk; Alg == ecdhe_psk; Alg == rsa_psk; + Alg == srp_dss; Alg == srp_rsa; Alg == srp_anon -> + handle_own_alert(?ALERT_REC(?FATAL, ?HANDSHAKE_FAILURE), + Version, ?FUNCTION_NAME, State); +certify(internal, #certificate_request{}, + #state{session = #session{own_certificate = undefined}, + role = client} = State0, Connection) -> + %% The client does not have a certificate and will send an empty reply, the server may fail + %% or accept the connection by its own preference. No signature algorihms needed as there is + %% no certificate to verify. + {Record, State} = Connection:next_record(State0), + Connection:next_event(?FUNCTION_NAME, Record, State#state{client_certificate_requested = true}); certify(internal, #certificate_request{} = CertRequest, #state{session = #session{own_certificate = Cert}, role = client, |