ssl: Correct handling of certificate_types in Certificate Requests

FROM TLS 1.2 RFC:
   The interaction of the certificate_types and
   supported_signature_algorithms fields is somewhat complicated.
   certificate_types has been present in TLS since SSLv3, but was
   somewhat underspecified.  Much of its functionality is superseded by
   supported_signature_algorithms.  The following rules apply:

   -  Any certificates provided by the client MUST be signed using a
      hash/signature algorithm pair found in
      supported_signature_algorithms.

   -  The end-entity certificate provided by the client MUST contain a
      key that is compatible with certificate_types.  If the key is a
      signature key, it MUST be usable with some hash/signature
      algorithm pair in supported_signature_algorithms.

   -  For historical reasons, the names of some client certificate types
      include the algorithm used to sign the certificate.  For example,
      in earlier versions of TLS, rsa_fixed_dh meant a certificate
      signed with RSA and containing a static DH key.  In TLS 1.2, this
      functionality has been obsoleted by the
      supported_signature_algorithms, and the certificate type no longer
      restricts the algorithm used to sign the certificate.  For
      example, if the server sends dss_fixed_dh certificate type and
      {{sha1, dsa}, {sha1, rsa}} signature types, the client MAY reply
      with a certificate containing a static DH key, signed with RSA-
      SHA1.

1 files changed, 23 insertions, 11 deletions

diff --git a/lib/ssl/src/ssl_handshake.erl b/lib/ssl/src/ssl_handshake.erl
index b018332df1..25bdc5ef93 100644
--- a/lib/ssl/src/ssl_handshake.erl
+++ b/lib/ssl/src/ssl_handshake.erl
@@ -207,7 +207,7 @@ client_certificate_verify(OwnCert, MasterSecret, Version,
 %% Description: Creates a certificate_request message, called by the server.
 %%--------------------------------------------------------------------
 certificate_request(CipherSuite, CertDbHandle, CertDbRef, Version) ->
-    Types = certificate_types(CipherSuite),
+    Types = certificate_types(ssl_cipher:suite_definition(CipherSuite), Version),
     HashSigns = advertised_hash_signs(Version),
     Authorities = certificate_authorities(CertDbHandle, CertDbRef),
     #certificate_request{
@@ -1098,19 +1098,31 @@ supported_ecc(_) ->
 
 %%-------------certificate handling --------------------------------
 
-certificate_types({KeyExchange, _, _, _})
-  when KeyExchange == rsa;
-       KeyExchange == dhe_dss;
-       KeyExchange == dhe_rsa;
-       KeyExchange == ecdhe_rsa ->
-    <<?BYTE(?RSA_SIGN), ?BYTE(?DSS_SIGN)>>;
+certificate_types(_, {N, M}) when N >= 3 andalso M >= 3 ->
+    case proplists:get_bool(ecdsa,  
+			    proplists:get_value(public_keys, crypto:supports())) of
+	true ->
+	    <<?BYTE(?ECDSA_SIGN), ?BYTE(?RSA_SIGN), ?BYTE(?DSS_SIGN)>>;
+	false ->
+	    <<?BYTE(?RSA_SIGN), ?BYTE(?DSS_SIGN)>>
+    end;
+
+certificate_types({KeyExchange, _, _, _}, _) when KeyExchange == rsa;
+						  KeyExchange == dhe_rsa;
+						  KeyExchange == ecdhe_rsa ->
+    <<?BYTE(?RSA_SIGN)>>;
+
+certificate_types({KeyExchange, _, _, _}, _)  when KeyExchange == dhe_dss,
+						   KeyExchange == srp_dss ->
+    <<?BYTE(?DSS_SIGN)>>;
 
-certificate_types({KeyExchange, _, _, _})
-  when KeyExchange == dh_ecdsa;
-       KeyExchange == dhe_ecdsa ->
+certificate_types({KeyExchange, _, _, _}, _) when KeyExchange == dh_ecdsa;
+						  KeyExchange == dhe_ecdsa;
+						  KeyExchange == ecdh_ecdsa;
+						  KeyExchange == ecdhe_ecdsa ->
     <<?BYTE(?ECDSA_SIGN)>>;
 
-certificate_types(_) ->
+certificate_types(_, _) ->
     <<?BYTE(?RSA_SIGN)>>.
 
 certificate_authorities(CertDbHandle, CertDbRef) ->