diff options
| author | Ingela Anderton Andin <[email protected]> | 2014-08-14 12:09:53 +0200 |
|---|---|---|
| committer | Ingela Anderton Andin <[email protected]> | 2014-08-14 12:09:53 +0200 |
| commit | 3f44d30fea3b0c42c523d4dd60be58b09efe8c1f (patch) | |
| tree | 5ec74b3a78504a4ec0650a498f07678d1139222e /lib/ssl/src/ssl_handshake.erl | |
| parent | 9de7cc7f881b5df18d0a26f7d37af164bc0c390e (diff) | |
| parent | bd496c144e47c10c900c58cd2d9f38a01e9303cf (diff) | |
| download | otp-3f44d30fea3b0c42c523d4dd60be58b09efe8c1f.tar.gz otp-3f44d30fea3b0c42c523d4dd60be58b09efe8c1f.tar.bz2 otp-3f44d30fea3b0c42c523d4dd60be58b09efe8c1f.zip | |
Merge branch 'ia/ssl/certificate_types/certificate_requests/OTP-12026' into maint
* ia/ssl/certificate_types/certificate_requests/OTP-12026:
public_key: Updated User Guide with ECC records
ssl: Make sure the correct ROOT-cert is used
ssl: Test ECDSA and improve test suite maintainability
public_key: Correct ASN1-type EcpkParameters in PEM handling
public_key: Correct ASN-1 spec
ssl: Correct handling of certificate_types in Certificate Requests
Diffstat (limited to 'lib/ssl/src/ssl_handshake.erl')
| -rw-r--r-- | lib/ssl/src/ssl_handshake.erl | 34 |
1 files changed, 23 insertions, 11 deletions
diff --git a/lib/ssl/src/ssl_handshake.erl b/lib/ssl/src/ssl_handshake.erl index b018332df1..25bdc5ef93 100644 --- a/lib/ssl/src/ssl_handshake.erl +++ b/lib/ssl/src/ssl_handshake.erl @@ -207,7 +207,7 @@ client_certificate_verify(OwnCert, MasterSecret, Version, %% Description: Creates a certificate_request message, called by the server. %%-------------------------------------------------------------------- certificate_request(CipherSuite, CertDbHandle, CertDbRef, Version) -> - Types = certificate_types(CipherSuite), + Types = certificate_types(ssl_cipher:suite_definition(CipherSuite), Version), HashSigns = advertised_hash_signs(Version), Authorities = certificate_authorities(CertDbHandle, CertDbRef), #certificate_request{ @@ -1098,19 +1098,31 @@ supported_ecc(_) -> %%-------------certificate handling -------------------------------- -certificate_types({KeyExchange, _, _, _}) - when KeyExchange == rsa; - KeyExchange == dhe_dss; - KeyExchange == dhe_rsa; - KeyExchange == ecdhe_rsa -> - <<?BYTE(?RSA_SIGN), ?BYTE(?DSS_SIGN)>>; +certificate_types(_, {N, M}) when N >= 3 andalso M >= 3 -> + case proplists:get_bool(ecdsa, + proplists:get_value(public_keys, crypto:supports())) of + true -> + <<?BYTE(?ECDSA_SIGN), ?BYTE(?RSA_SIGN), ?BYTE(?DSS_SIGN)>>; + false -> + <<?BYTE(?RSA_SIGN), ?BYTE(?DSS_SIGN)>> + end; + +certificate_types({KeyExchange, _, _, _}, _) when KeyExchange == rsa; + KeyExchange == dhe_rsa; + KeyExchange == ecdhe_rsa -> + <<?BYTE(?RSA_SIGN)>>; + +certificate_types({KeyExchange, _, _, _}, _) when KeyExchange == dhe_dss, + KeyExchange == srp_dss -> + <<?BYTE(?DSS_SIGN)>>; -certificate_types({KeyExchange, _, _, _}) - when KeyExchange == dh_ecdsa; - KeyExchange == dhe_ecdsa -> +certificate_types({KeyExchange, _, _, _}, _) when KeyExchange == dh_ecdsa; + KeyExchange == dhe_ecdsa; + KeyExchange == ecdh_ecdsa; + KeyExchange == ecdhe_ecdsa -> <<?BYTE(?ECDSA_SIGN)>>; -certificate_types(_) -> +certificate_types(_, _) -> <<?BYTE(?RSA_SIGN)>>. certificate_authorities(CertDbHandle, CertDbRef) -> |