aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/src/ssl_handshake.erl
diff options
context:
space:
mode:
authorIngela Anderton Andin <[email protected]>2014-03-14 15:06:58 +0100
committerIngela Anderton Andin <[email protected]>2014-03-14 15:39:22 +0100
commitebfd862f47611fa17be72cad1afcd6a13f14bc4d (patch)
tree84d9bf768b74b16b1fa0b250a0abd391e1b1d1c3 /lib/ssl/src/ssl_handshake.erl
parent6d2f4bb8fd96049a18cc6b123db4a28bad9ef73a (diff)
downloadotp-ebfd862f47611fa17be72cad1afcd6a13f14bc4d.tar.gz
otp-ebfd862f47611fa17be72cad1afcd6a13f14bc4d.tar.bz2
otp-ebfd862f47611fa17be72cad1afcd6a13f14bc4d.zip
ssl: Server now ignores client ECC curves that it does not support instead of
crashing. When TLS client sends Supported Elliptic Curves Client Hello Extension the server shall select a curve supported by both sides or refuse to negotiate the use of an ECC cipher suite.
Diffstat (limited to 'lib/ssl/src/ssl_handshake.erl')
-rw-r--r--lib/ssl/src/ssl_handshake.erl11
1 files changed, 10 insertions, 1 deletions
diff --git a/lib/ssl/src/ssl_handshake.erl b/lib/ssl/src/ssl_handshake.erl
index 245cd3e280..74ca7ca699 100644
--- a/lib/ssl/src/ssl_handshake.erl
+++ b/lib/ssl/src/ssl_handshake.erl
@@ -1654,7 +1654,16 @@ dec_hello_extensions(<<?UINT16(?SIGNATURE_ALGORITHMS_EXT), ?UINT16(Len),
dec_hello_extensions(<<?UINT16(?ELLIPTIC_CURVES_EXT), ?UINT16(Len),
ExtData:Len/binary, Rest/binary>>, Acc) ->
<<?UINT16(_), EllipticCurveList/binary>> = ExtData,
- EllipticCurves = [tls_v1:enum_to_oid(X) || <<X:16>> <= EllipticCurveList],
+ %% Ignore unknown curves
+ Pick = fun(Enum) ->
+ case tls_v1:enum_to_oid(Enum) of
+ undefined ->
+ false;
+ Oid ->
+ {true, Oid}
+ end
+ end,
+ EllipticCurves = lists:filtermap(Pick, [ECC || <<ECC:16>> <= EllipticCurveList]),
dec_hello_extensions(Rest, Acc#hello_extensions{elliptic_curves =
#elliptic_curves{elliptic_curve_list =
EllipticCurves}});