author | Péter Dimitrov <[email protected]> | 2018-11-16 11:39:51 +0100 |
---|---|---|
committer | Péter Dimitrov <[email protected]> | 2018-11-20 09:55:54 +0100 |
commit | f2ec822db072c3366effc93688e6def9742d8c5b (patch) | |
tree | 09c22e0928243c528c45ecb89683d5c21cd2e1e4 /lib/ssl/src/ssl_handshake.erl | |
parent | f995d04a0575cdd110a96741bc733eb95d063113 (diff) | |
ssl: Improve the "start" and "negotiated" states
This change adds the capability to the TLS 1.3 server to process
ClientHello messages and answer with ServerHello.
Change-Id: I13f6cfac932574300338e7301c6162252a591c70
Diffstat (limited to 'lib/ssl/src/ssl_handshake.erl')
-rw-r--r-- | lib/ssl/src/ssl_handshake.erl | 42 |
1 files changed, 25 insertions, 17 deletions
diff --git a/lib/ssl/src/ssl_handshake.erl b/lib/ssl/src/ssl_handshake.erl index 0b2ecfc981..417e5d9eb6 100644 --- a/lib/ssl/src/ssl_handshake.erl +++ b/lib/ssl/src/ssl_handshake.erl @@ -76,9 +76,11 @@ handle_client_hello_extensions/9, %% Returns server hello extensions handle_server_hello_extensions/9, select_curve/2, select_curve/3, select_hashsign/4, select_hashsign/5, - select_hashsign_algs/3, empty_extensions/2 + select_hashsign_algs/3, empty_extensions/2, add_server_share/2 ]). +-export([get_cert_params/1]). + %%==================================================================== %% Create handshake messages %%==================================================================== 
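Review bot: The new `-export([get_cert_params/1]).` attribute has no grouping comment, unlike the export list above it, and the commit message does not mention it. The function's definition is outside this hunk, so a reader cannot tell from the diff which module needs it. Since this widens the public surface of the handshake module, a one-line comment above the attribute naming the intended caller would make the export easier to audit. Alternatively, fold it into an existing, already-commented export group.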
@@ -1137,25 +1139,31 @@ maybe_add_key_share(HelloExtensions, undefined) -> maybe_add_key_share(HelloExtensions, KeyShare) -> #key_share_client_hello{client_shares = ClientShares0} = KeyShare, %% Keep only public keys - Fun = fun(#key_share_entry{ - group = Group, - key_exchange = - #'ECPrivateKey'{publicKey = PublicKey}}) -> - #key_share_entry{ - group = Group, - key_exchange = PublicKey}; - (#key_share_entry{ - group = Group, - key_exchange = - {PublicKey, _}}) -> - #key_share_entry{ - group = Group, - key_exchange = PublicKey} - end, - ClientShares = lists:map(Fun, ClientShares0), + ClientShares = lists:map(fun kse_remove_private_key/1, ClientShares0), HelloExtensions#{key_share => #key_share_client_hello{ client_shares = ClientShares}}. +add_server_share(Extensions, KeyShare) -> + #key_share_server_hello{server_share = ServerShare0} = KeyShare, + %% Keep only public keys + ServerShare = kse_remove_private_key(ServerShare0), + Extensions#{key_share => #key_share_server_hello{ + server_share = ServerShare}}. + +kse_remove_private_key(#key_share_entry{ + group = Group, + key_exchange = + #'ECPrivateKey'{publicKey = PublicKey}}) -> + #key_share_entry{ + group = Group, + key_exchange = PublicKey}; +kse_remove_private_key(#key_share_entry{ + group = Group, + key_exchange = + {PublicKey, _}}) -> + #key_share_entry{ + group = Group, + key_exchange = PublicKey}. signature_algs_ext(undefined) -> undefined; |
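Review bot: `kse_remove_private_key/1` is now the single place that keeps private key material out of both the client and server `key_share` extensions, but its second clause, `key_exchange = {PublicKey, _}`, accepts any 2-tuple and depends entirely on element order. If a caller ever passed the pair the other way round, the private half would be placed in the hello extension without any error. If the public value is always a binary here (not visible in this hunk, so please confirm), a guard such as `{PublicKey, _}}) when is_binary(PublicKey) ->` would narrow the match. Either way, a short comment above the function should list the two accepted `key_exchange` shapes and the expected tuple order. Note also that any other shape fails with `function_clause`, which is the right fail-closed behaviour, but the failing argument, including the key pair, would presumably appear in the crash report, so it is worth checking that such reports are not logged unredacted.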