aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/src/ssl_handshake.erl
diff options
context:
space:
mode:
authorAndreas Schultz <[email protected]>2012-08-16 11:23:33 +0200
committerIngela Anderton Andin <[email protected]>2012-08-22 14:00:46 +0200
commitbe66663142da66e013ad65c4ebe429d9391312b0 (patch)
tree7cc5a5b93c34f23ce5c309d22202f185a504255a /lib/ssl/src/ssl_handshake.erl
parent191931c58ebc9f18efb2422d296b4a246119ab83 (diff)
downloadotp-be66663142da66e013ad65c4ebe429d9391312b0.tar.gz
otp-be66663142da66e013ad65c4ebe429d9391312b0.tar.bz2
otp-be66663142da66e013ad65c4ebe429d9391312b0.zip
ssl: TLS 1.2: fix hash and signature handling
with TLS 1.2 the hash and signature on a certify message can differ from the defaults. So we have to make sure to always use the hash and signature algorithm indicated in the handshake message
Diffstat (limited to 'lib/ssl/src/ssl_handshake.erl')
-rw-r--r--lib/ssl/src/ssl_handshake.erl2
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/ssl/src/ssl_handshake.erl b/lib/ssl/src/ssl_handshake.erl
index 9d251054c9..497f778bc2 100644
--- a/lib/ssl/src/ssl_handshake.erl
+++ b/lib/ssl/src/ssl_handshake.erl
@@ -927,7 +927,7 @@ dec_hs({Major, Minor}, ?CERTIFICATE_VERIFY,<<HashSign:2/binary, ?UINT16(SignLen)
when Major == 3, Minor >= 3 ->
#certificate_verify{hashsign_algorithm = hashsign_dec(HashSign), signature = Signature};
dec_hs(_Version, ?CERTIFICATE_VERIFY,<<?UINT16(SignLen), Signature:SignLen/binary>>)->
- #certificate_verify{hashsign_algorithm = {unknown, unknown}, signature = Signature};
+ #certificate_verify{signature = Signature};
dec_hs(_Version, ?CLIENT_KEY_EXCHANGE, PKEPMS) ->
#client_key_exchange{exchange_keys = PKEPMS};
dec_hs(_Version, ?FINISHED, VerifyData) ->