diff options
| author | Ingela Anderton Andin <[email protected]> | 2017-10-17 16:21:15 +0200 |
|---|---|---|
| committer | Ingela Anderton Andin <[email protected]> | 2017-10-17 16:21:15 +0200 |
| commit | 290c920aca365968ebaa10a63e25fd2579bce408 (patch) | |
| tree | 42b697cfa0b502741758865f38eed4ed2941fbb4 /lib/ssl/src/ssl_connection.erl | |
| parent | 82489e794c015742f8879438394fa8a2f4c6fd1b (diff) | |
| parent | 7d05f57c2182626aaaee4a7c164d4bb6a7b9e38c (diff) | |
| download | otp-290c920aca365968ebaa10a63e25fd2579bce408.tar.gz otp-290c920aca365968ebaa10a63e25fd2579bce408.tar.bz2 otp-290c920aca365968ebaa10a63e25fd2579bce408.zip | |
Merge branch 'ingela/ssl/extend-hostname-check/OTP-14632/OTP-14655' into maint
* ingela/ssl/extend-hostname-check/OTP-14632/OTP-14655:
ssl: Fix test cases to work on all test platforms
public_key: Fix dialyzer spec
ssl: Sessions must be registered with SNI if exists
ssl: Extend hostname check to fallback to checking IP-address
public_key, ssl: Handles keys so that APIs are preserved correctly
Diffstat (limited to 'lib/ssl/src/ssl_connection.erl')
| -rw-r--r-- | lib/ssl/src/ssl_connection.erl | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/lib/ssl/src/ssl_connection.erl b/lib/ssl/src/ssl_connection.erl index 32a990f5b7..2146a9272e 100644 --- a/lib/ssl/src/ssl_connection.erl +++ b/lib/ssl/src/ssl_connection.erl @@ -496,12 +496,13 @@ certify(internal, #certificate{}, certify(internal, #certificate{} = Cert, #state{negotiated_version = Version, role = Role, + host = Host, cert_db = CertDbHandle, cert_db_ref = CertDbRef, crl_db = CRLDbInfo, ssl_options = Opts} = State, Connection) -> case ssl_handshake:certify(Cert, CertDbHandle, CertDbRef, - Opts, CRLDbInfo, Role) of + Opts, CRLDbInfo, Role, Host) of {PeerCert, PublicKeyInfo} -> handle_peer_cert(Role, PeerCert, PublicKeyInfo, State#state{client_certificate_requested = false}, Connection); @@ -701,6 +702,7 @@ cipher(internal, #finished{verify_data = Data} = Finished, expecting_finished = true, session = #session{master_secret = MasterSecret} = Session0, + ssl_options = SslOpts, connection_states = ConnectionStates0, tls_handshake_history = Handshake0} = State, Connection) -> case ssl_handshake:verify_connection(ssl:tls_version(Version), Finished, @@ -708,7 +710,7 @@ cipher(internal, #finished{verify_data = Data} = Finished, get_current_prf(ConnectionStates0, read), MasterSecret, Handshake0) of verified -> - Session = register_session(Role, Host, Port, Session0), + Session = register_session(Role, host_id(Role, Host, SslOpts), Port, Session0), cipher_role(Role, Data, Session, State#state{expecting_finished = false}, Connection); #alert{} = Alert -> @@ -2097,6 +2099,11 @@ register_session(server, _, Port, #session{is_resumable = new} = Session0) -> register_session(_, _, _, Session) -> Session. %% Already registered +host_id(client, _Host, #ssl_options{server_name_indication = Hostname}) when is_list(Hostname) -> + Hostname; +host_id(_, Host, _) -> + Host. + handle_new_session(NewId, CipherSuite, Compression, #state{session = Session0, protocol_cb = Connection} = State0) -> |