diff options
| author | Ingela Anderton Andin <[email protected]> | 2013-05-28 09:22:12 +0200 |
|---|---|---|
| committer | Ingela Anderton Andin <[email protected]> | 2013-05-28 09:22:12 +0200 |
| commit | 7f5fa1b06671d31476e0fc0f28b878a6b5059b1b (patch) | |
| tree | eaaecc247d03c90cb46fc3f9f2f2c085f9c653c0 /lib/ssl/src/ssl_handshake.erl | |
| parent | 58de241d5d8e4b0536389b317ecc6e7a2a570997 (diff) | |
| parent | 6ec1399aa8e6f80d8423acc37027eeda4394e7ad (diff) | |
| download | otp-7f5fa1b06671d31476e0fc0f28b878a6b5059b1b.tar.gz otp-7f5fa1b06671d31476e0fc0f28b878a6b5059b1b.tar.bz2 otp-7f5fa1b06671d31476e0fc0f28b878a6b5059b1b.zip | |
Merge branch 'ia/ssl/public_key/crypto/elliptic_curve/OTP-11009' into maint
* ia/ssl/public_key/crypto/elliptic_curve/OTP-11009: (21 commits)
ssl: Do not advertise EC ciphers if crypto support is insufficient
crypto: Ctify tests and test new API
crypto: Allow integer as srp_private arguments according to docs
ssl: Remove unused `srp_parameters` type spec
crypto, public_key & ssl: Make more functions accept integer keys
snmp: Remove use of deprecated crypto functions
crypto,ssh, netconf, inets: binary_to_integer -> bytes_to_integer
netconf: Remove use of deprecated crypto functions
crypto: Documentation fixes from review
crypto: Change argument order of crypto:next_iv/3
crypto,public_key,ssl: Change return value of crypto:generate_key(ecdh,..)
ssl, public_key, crypto: crypto:algorithms/0 -> crypto:supports/0
ssl, public_key & inets: Remove use of deprecated crypto functions from test code
ssl: Remove use of deprecated crypto functions
public_key: Remove use of deprecated crypto functions
dialyzer: Remove use of deprecated crypto functions
ssh & crypto: Remove use of deprecated crypto functions from ssh
Update primary bootstrap
common_test: Replace use of deprecated crypto functions
beam_lib, compile: Replace use of deprecated crypto functions
...
Diffstat (limited to 'lib/ssl/src/ssl_handshake.erl')
| -rw-r--r-- | lib/ssl/src/ssl_handshake.erl | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/lib/ssl/src/ssl_handshake.erl b/lib/ssl/src/ssl_handshake.erl index e358cbe9bb..24ea86311f 100644 --- a/lib/ssl/src/ssl_handshake.erl +++ b/lib/ssl/src/ssl_handshake.erl @@ -840,7 +840,8 @@ select_next_protocol(Protocols, NextProtocolSelector) -> end. default_ecc_extensions(Version) -> - case proplists:get_bool(ec, crypto:algorithms()) of + CryptoSupport = proplists:get_value(public_keys, crypto:supports()), + case proplists:get_bool(ecdh, CryptoSupport) of true -> EcPointFormats = #ec_point_formats{ec_point_format_list = [?ECPOINT_UNCOMPRESSED]}, EllipticCurves = #elliptic_curves{elliptic_curve_list = ssl_tls1:ecc_curves(Version)}, @@ -850,7 +851,8 @@ default_ecc_extensions(Version) -> end. handle_ecc_extensions(Version, EcPointFormats0, EllipticCurves0) -> - case proplists:get_bool(ec, crypto:algorithms()) of + CryptoSupport = proplists:get_value(public_keys, crypto:supports()), + case proplists:get_bool(ecdh, CryptoSupport) of true -> EcPointFormats1 = handle_ecc_point_fmt_extension(EcPointFormats0), EllipticCurves1 = handle_ecc_curves_extension(Version, EllipticCurves0), @@ -1767,7 +1769,8 @@ default_hash_signs() -> ?TLSEXT_SIGALG(sha), ?TLSEXT_SIGALG_DSA(sha), ?TLSEXT_SIGALG_RSA(md5)], - HasECC = proplists:get_bool(ec, crypto:algorithms()), + CryptoSupport = proplists:get_value(public_keys, crypto:supports()), + HasECC = proplists:get_bool(ecdsa, CryptoSupport), #hash_sign_algos{hash_sign_algos = lists:filter(fun({_, ecdsa}) -> HasECC; (_) -> true end, HashSigns)}. |