diff options
| author | Péter Dimitrov <[email protected]> | 2018-11-16 10:53:37 +0100 |
|---|---|---|
| committer | Péter Dimitrov <[email protected]> | 2018-11-20 09:55:54 +0100 |
| commit | f75e1a8b00c3f678d21b4f62a0140b50a4404504 (patch) | |
| tree | 837172f74cdca566dc7ee98544b2f76cb37b3517 /lib/ssl/src/ssl_handshake.erl | |
| parent | 5667810578357122b3a49949c3e7826f652833c2 (diff) | |
| download | otp-f75e1a8b00c3f678d21b4f62a0140b50a4404504.tar.gz otp-f75e1a8b00c3f678d21b4f62a0140b50a4404504.tar.bz2 otp-f75e1a8b00c3f678d21b4f62a0140b50a4404504.zip | |
ssl: Fix handling of "signature_algs" in ClientHello
Use signature schemes in the "signature_algs" extension when
creating TLS 1.3 ClientHello extensions.
Change-Id: I1402bec659c70352a4a2200146911fd4246d2fe2
Diffstat (limited to 'lib/ssl/src/ssl_handshake.erl')
| -rw-r--r-- | lib/ssl/src/ssl_handshake.erl | 24 |
1 files changed, 16 insertions, 8 deletions
diff --git a/lib/ssl/src/ssl_handshake.erl b/lib/ssl/src/ssl_handshake.erl index 7dec0a283f..0b2ecfc981 100644 --- a/lib/ssl/src/ssl_handshake.erl +++ b/lib/ssl/src/ssl_handshake.erl @@ -1037,15 +1037,14 @@ client_hello_extensions(Version, CipherSuites, SslOpts, ConnectionStates, Renego maybe_add_tls13_extensions(Version, HelloExtensions1, SslOpts, KeyShare). -add_tls12_extensions(Version, - #ssl_options{signature_algs = SupportedHashSigns} = SslOpts, +add_tls12_extensions(_Version, + SslOpts, ConnectionStates, Renegotiation) -> SRP = srp_user(SslOpts), #{renegotiation_info => renegotiation_info(tls_record, client, ConnectionStates, Renegotiation), srp => SRP, - signature_algs => available_signature_algs(SupportedHashSigns, Version), alpn => encode_alpn(SslOpts#ssl_options.alpn_advertised_protocols, Renegotiation), next_protocol_negotiation => encode_client_protocol_negotiation(SslOpts#ssl_options.next_protocol_selector, @@ -1058,16 +1057,19 @@ add_common_extensions({3,4}, HelloExtensions, _CipherSuites, #ssl_options{eccs = SupportedECCs, - supported_groups = Groups}) -> + supported_groups = Groups, + signature_algs = SignatureSchemes}) -> {EcPointFormats, _} = client_ecc_extensions(SupportedECCs), HelloExtensions#{ec_point_formats => EcPointFormats, - elliptic_curves => Groups}; + elliptic_curves => Groups, + signature_algs => signature_algs_ext(SignatureSchemes)}; -add_common_extensions(_Version, +add_common_extensions(Version, HelloExtensions, CipherSuites, - #ssl_options{eccs = SupportedECCs}) -> + #ssl_options{eccs = SupportedECCs, + signature_algs = SupportedHashSigns}) -> {EcPointFormats, EllipticCurves} = case advertises_ec_ciphers( @@ -1079,7 +1081,8 @@ add_common_extensions(_Version, {undefined, undefined} end, HelloExtensions#{ec_point_formats => EcPointFormats, - elliptic_curves => EllipticCurves}. + elliptic_curves => EllipticCurves, + signature_algs => available_signature_algs(SupportedHashSigns, Version)}. maybe_add_tls13_extensions({3,4}, @@ -1154,6 +1157,11 @@ maybe_add_key_share(HelloExtensions, KeyShare) -> client_shares = ClientShares}}. +signature_algs_ext(undefined) -> + undefined; +signature_algs_ext(SignatureSchemes) -> + #signature_algorithms{signature_scheme_list = SignatureSchemes}. + signature_algs_cert(undefined) -> undefined; signature_algs_cert(SignatureSchemes) -> |