diff options
| author | Andreas Schultz <[email protected]> | 2012-08-16 11:23:33 +0200 |
|---|---|---|
| committer | Ingela Anderton Andin <[email protected]> | 2012-08-22 14:00:46 +0200 |
| commit | be66663142da66e013ad65c4ebe429d9391312b0 (patch) | |
| tree | 7cc5a5b93c34f23ce5c309d22202f185a504255a /lib/ssl/src/ssl_handshake.erl | |
| parent | 191931c58ebc9f18efb2422d296b4a246119ab83 (diff) | |
| download | otp-be66663142da66e013ad65c4ebe429d9391312b0.tar.gz otp-be66663142da66e013ad65c4ebe429d9391312b0.tar.bz2 otp-be66663142da66e013ad65c4ebe429d9391312b0.zip | |
ssl: TLS 1.2: fix hash and signature handling
with TLS 1.2 the hash and signature on a certify message can
differ from the defaults. So we have to make sure to always
use the hash and signature algorithm indicated in the
handshake message
Diffstat (limited to 'lib/ssl/src/ssl_handshake.erl')
| -rw-r--r-- | lib/ssl/src/ssl_handshake.erl | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/ssl/src/ssl_handshake.erl b/lib/ssl/src/ssl_handshake.erl index 9d251054c9..497f778bc2 100644 --- a/lib/ssl/src/ssl_handshake.erl +++ b/lib/ssl/src/ssl_handshake.erl @@ -927,7 +927,7 @@ dec_hs({Major, Minor}, ?CERTIFICATE_VERIFY,<<HashSign:2/binary, ?UINT16(SignLen) when Major == 3, Minor >= 3 -> #certificate_verify{hashsign_algorithm = hashsign_dec(HashSign), signature = Signature}; dec_hs(_Version, ?CERTIFICATE_VERIFY,<<?UINT16(SignLen), Signature:SignLen/binary>>)-> - #certificate_verify{hashsign_algorithm = {unknown, unknown}, signature = Signature}; + #certificate_verify{signature = Signature}; dec_hs(_Version, ?CLIENT_KEY_EXCHANGE, PKEPMS) -> #client_key_exchange{exchange_keys = PKEPMS}; dec_hs(_Version, ?FINISHED, VerifyData) -> |