aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/src/ssl_handshake.erl
diff options
context:
space:
mode:
authorIngela Anderton Andin <[email protected]>2014-08-14 12:09:53 +0200
committerIngela Anderton Andin <[email protected]>2014-08-14 12:09:53 +0200
commit3f44d30fea3b0c42c523d4dd60be58b09efe8c1f (patch)
tree5ec74b3a78504a4ec0650a498f07678d1139222e /lib/ssl/src/ssl_handshake.erl
parent9de7cc7f881b5df18d0a26f7d37af164bc0c390e (diff)
parentbd496c144e47c10c900c58cd2d9f38a01e9303cf (diff)
downloadotp-3f44d30fea3b0c42c523d4dd60be58b09efe8c1f.tar.gz
otp-3f44d30fea3b0c42c523d4dd60be58b09efe8c1f.tar.bz2
otp-3f44d30fea3b0c42c523d4dd60be58b09efe8c1f.zip
Merge branch 'ia/ssl/certificate_types/certificate_requests/OTP-12026' into maint
* ia/ssl/certificate_types/certificate_requests/OTP-12026: public_key: Updated User Guide with ECC records ssl: Make sure the correct ROOT-cert is used ssl: Test ECDSA and improve test suite maintainability public_key: Correct ASN1-type EcpkParameters in PEM handling public_key: Correct ASN-1 spec ssl: Correct handling of certificate_types in Certificate Requests
Diffstat (limited to 'lib/ssl/src/ssl_handshake.erl')
-rw-r--r--lib/ssl/src/ssl_handshake.erl34
1 files changed, 23 insertions, 11 deletions
diff --git a/lib/ssl/src/ssl_handshake.erl b/lib/ssl/src/ssl_handshake.erl
index b018332df1..25bdc5ef93 100644
--- a/lib/ssl/src/ssl_handshake.erl
+++ b/lib/ssl/src/ssl_handshake.erl
@@ -207,7 +207,7 @@ client_certificate_verify(OwnCert, MasterSecret, Version,
%% Description: Creates a certificate_request message, called by the server.
%%--------------------------------------------------------------------
certificate_request(CipherSuite, CertDbHandle, CertDbRef, Version) ->
- Types = certificate_types(CipherSuite),
+ Types = certificate_types(ssl_cipher:suite_definition(CipherSuite), Version),
HashSigns = advertised_hash_signs(Version),
Authorities = certificate_authorities(CertDbHandle, CertDbRef),
#certificate_request{
@@ -1098,19 +1098,31 @@ supported_ecc(_) ->
%%-------------certificate handling --------------------------------
-certificate_types({KeyExchange, _, _, _})
- when KeyExchange == rsa;
- KeyExchange == dhe_dss;
- KeyExchange == dhe_rsa;
- KeyExchange == ecdhe_rsa ->
- <<?BYTE(?RSA_SIGN), ?BYTE(?DSS_SIGN)>>;
+certificate_types(_, {N, M}) when N >= 3 andalso M >= 3 ->
+ case proplists:get_bool(ecdsa,
+ proplists:get_value(public_keys, crypto:supports())) of
+ true ->
+ <<?BYTE(?ECDSA_SIGN), ?BYTE(?RSA_SIGN), ?BYTE(?DSS_SIGN)>>;
+ false ->
+ <<?BYTE(?RSA_SIGN), ?BYTE(?DSS_SIGN)>>
+ end;
+
+certificate_types({KeyExchange, _, _, _}, _) when KeyExchange == rsa;
+ KeyExchange == dhe_rsa;
+ KeyExchange == ecdhe_rsa ->
+ <<?BYTE(?RSA_SIGN)>>;
+
+certificate_types({KeyExchange, _, _, _}, _) when KeyExchange == dhe_dss,
+ KeyExchange == srp_dss ->
+ <<?BYTE(?DSS_SIGN)>>;
-certificate_types({KeyExchange, _, _, _})
- when KeyExchange == dh_ecdsa;
- KeyExchange == dhe_ecdsa ->
+certificate_types({KeyExchange, _, _, _}, _) when KeyExchange == dh_ecdsa;
+ KeyExchange == dhe_ecdsa;
+ KeyExchange == ecdh_ecdsa;
+ KeyExchange == ecdhe_ecdsa ->
<<?BYTE(?ECDSA_SIGN)>>;
-certificate_types(_) ->
+certificate_types(_, _) ->
<<?BYTE(?RSA_SIGN)>>.
certificate_authorities(CertDbHandle, CertDbRef) ->