aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/src/ssl_tls1.erl
diff options
context:
space:
mode:
authorAndreas Schultz <aschultz@tpip.net>2012-08-16 11:23:33 +0200
committerIngela Anderton Andin <ingela@erlang.org>2012-08-22 14:00:46 +0200
commitbe66663142da66e013ad65c4ebe429d9391312b0 (patch)
tree7cc5a5b93c34f23ce5c309d22202f185a504255a /lib/ssl/src/ssl_tls1.erl
parent191931c58ebc9f18efb2422d296b4a246119ab83 (diff)
downloadotp-be66663142da66e013ad65c4ebe429d9391312b0.tar.gz
otp-be66663142da66e013ad65c4ebe429d9391312b0.tar.bz2
otp-be66663142da66e013ad65c4ebe429d9391312b0.zip
ssl: TLS 1.2: fix hash and signature handling
with TLS 1.2 the hash and signature on a certify message can differ from the defaults. So we have to make sure to always use the hash and signature algorithm indicated in the handshake message
Diffstat (limited to 'lib/ssl/src/ssl_tls1.erl')
-rw-r--r--lib/ssl/src/ssl_tls1.erl6
1 files changed, 3 insertions, 3 deletions
diff --git a/lib/ssl/src/ssl_tls1.erl b/lib/ssl/src/ssl_tls1.erl
index 91b321bcd9..1daf9640ab 100644
--- a/lib/ssl/src/ssl_tls1.erl
+++ b/lib/ssl/src/ssl_tls1.erl
@@ -80,11 +80,11 @@ certificate_verify(md5sha, _Version, Handshake) ->
SHA = crypto:sha(Handshake),
<<MD5/binary, SHA/binary>>;
-certificate_verify(sha, _Version, Handshake) ->
- crypto:sha(Handshake).
+certificate_verify(HashAlgo, _Version, Handshake) ->
+ Hash = crypto:hash(HashAlgo, Handshake).
-spec setup_keys(integer(), integer(), binary(), binary(), binary(), integer(),
- integer(), integer()) -> {binary(), binary(), binary(),
+ integer(), integer()) -> {binary(), binary(), binary(),
binary(), binary(), binary()}.
setup_keys(Version, _PrfAlgo, MasterSecret, ServerRandom, ClientRandom, HashSize,