Merge remote-tracking branch 'upstream/maint'

author: Ingela Anderton Andin <[email protected]> 2014-08-14 12:10:34 +0200
committer: Ingela Anderton Andin <[email protected]> 2014-08-14 12:10:34 +0200
commit: 2202cd030279566911c17d1474f815538dd64214 (patch)
tree: 567c0b24ca2b327d0f4c14fe2975ac93cec1bf60 /lib/ssl/src/ssl_handshake.erl
parent: 17896dcaf4520c90d4e7d7d1a55de335ca898210 (diff)
parent: 3f44d30fea3b0c42c523d4dd60be58b09efe8c1f (diff)
download: otp-2202cd030279566911c17d1474f815538dd64214.tar.gz
otp-2202cd030279566911c17d1474f815538dd64214.tar.bz2
otp-2202cd030279566911c17d1474f815538dd64214.zip
1 files changed, 23 insertions, 11 deletions
diff --git a/lib/ssl/src/ssl_handshake.erl b/lib/ssl/src/ssl_handshake.erl
index b018332df1..25bdc5ef93 100644
--- a/lib/ssl/src/ssl_handshake.erl
+++ b/lib/ssl/src/ssl_handshake.erl
@@ -207,7 +207,7 @@ client_certificate_verify(OwnCert, MasterSecret, Version,
 %% Description: Creates a certificate_request message, called by the server.
 %%--------------------------------------------------------------------
 certificate_request(CipherSuite, CertDbHandle, CertDbRef, Version) ->
-    Types = certificate_types(CipherSuite),
+    Types = certificate_types(ssl_cipher:suite_definition(CipherSuite), Version),
     HashSigns = advertised_hash_signs(Version),
     Authorities = certificate_authorities(CertDbHandle, CertDbRef),
     #certificate_request{
@@ -1098,19 +1098,31 @@ supported_ecc(_) ->
 
 %%-------------certificate handling --------------------------------
 
-certificate_types({KeyExchange, _, _, _})
-  when KeyExchange == rsa;
-       KeyExchange == dhe_dss;
-       KeyExchange == dhe_rsa;
-       KeyExchange == ecdhe_rsa ->
-    <<?BYTE(?RSA_SIGN), ?BYTE(?DSS_SIGN)>>;
+certificate_types(_, {N, M}) when N >= 3 andalso M >= 3 ->
+    case proplists:get_bool(ecdsa,  
+			    proplists:get_value(public_keys, crypto:supports())) of
+	true ->
+	    <<?BYTE(?ECDSA_SIGN), ?BYTE(?RSA_SIGN), ?BYTE(?DSS_SIGN)>>;
+	false ->
+	    <<?BYTE(?RSA_SIGN), ?BYTE(?DSS_SIGN)>>
+    end;
+
+certificate_types({KeyExchange, _, _, _}, _) when KeyExchange == rsa;
+						  KeyExchange == dhe_rsa;
+						  KeyExchange == ecdhe_rsa ->
+    <<?BYTE(?RSA_SIGN)>>;
+
+certificate_types({KeyExchange, _, _, _}, _)  when KeyExchange == dhe_dss,
+						   KeyExchange == srp_dss ->
+    <<?BYTE(?DSS_SIGN)>>;
 
-certificate_types({KeyExchange, _, _, _})
-  when KeyExchange == dh_ecdsa;
-       KeyExchange == dhe_ecdsa ->
+certificate_types({KeyExchange, _, _, _}, _) when KeyExchange == dh_ecdsa;
+						  KeyExchange == dhe_ecdsa;
+						  KeyExchange == ecdh_ecdsa;
+						  KeyExchange == ecdhe_ecdsa ->
     <<?BYTE(?ECDSA_SIGN)>>;
 
-certificate_types(_) ->
+certificate_types(_, _) ->
     <<?BYTE(?RSA_SIGN)>>.
 
 certificate_authorities(CertDbHandle, CertDbRef) ->
author	Ingela Anderton Andin <[email protected]>	2014-08-14 12:10:34 +0200
committer	Ingela Anderton Andin <[email protected]>	2014-08-14 12:10:34 +0200
commit	2202cd030279566911c17d1474f815538dd64214 (patch)
tree	567c0b24ca2b327d0f4c14fe2975ac93cec1bf60 /lib/ssl/src/ssl_handshake.erl
parent	17896dcaf4520c90d4e7d7d1a55de335ca898210 (diff)
parent	3f44d30fea3b0c42c523d4dd60be58b09efe8c1f (diff)
download	otp-2202cd030279566911c17d1474f815538dd64214.tar.gz otp-2202cd030279566911c17d1474f815538dd64214.tar.bz2 otp-2202cd030279566911c17d1474f815538dd64214.zip