diff options
author | Andreas Schultz <aschultz@tpip.net> | 2012-08-16 11:23:33 +0200 |
---|---|---|
committer | Ingela Anderton Andin <ingela@erlang.org> | 2012-08-22 14:00:46 +0200 |
commit | be66663142da66e013ad65c4ebe429d9391312b0 (patch) | |
tree | 7cc5a5b93c34f23ce5c309d22202f185a504255a /lib/ssl/src/ssl_tls1.erl | |
parent | 191931c58ebc9f18efb2422d296b4a246119ab83 (diff) | |
download | otp-be66663142da66e013ad65c4ebe429d9391312b0.tar.gz otp-be66663142da66e013ad65c4ebe429d9391312b0.tar.bz2 otp-be66663142da66e013ad65c4ebe429d9391312b0.zip |
ssl: TLS 1.2: fix hash and signature handling
with TLS 1.2 the hash and signature on a certify message can
differ from the defaults. So we have to make sure to always
use the hash and signature algorithm indicated in the
handshake message
Diffstat (limited to 'lib/ssl/src/ssl_tls1.erl')
-rw-r--r-- | lib/ssl/src/ssl_tls1.erl | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/lib/ssl/src/ssl_tls1.erl b/lib/ssl/src/ssl_tls1.erl index 91b321bcd9..1daf9640ab 100644 --- a/lib/ssl/src/ssl_tls1.erl +++ b/lib/ssl/src/ssl_tls1.erl @@ -80,11 +80,11 @@ certificate_verify(md5sha, _Version, Handshake) -> SHA = crypto:sha(Handshake), <<MD5/binary, SHA/binary>>; -certificate_verify(sha, _Version, Handshake) -> - crypto:sha(Handshake). +certificate_verify(HashAlgo, _Version, Handshake) -> + Hash = crypto:hash(HashAlgo, Handshake). -spec setup_keys(integer(), integer(), binary(), binary(), binary(), integer(), - integer(), integer()) -> {binary(), binary(), binary(), + integer(), integer()) -> {binary(), binary(), binary(), binary(), binary(), binary()}. setup_keys(Version, _PrfAlgo, MasterSecret, ServerRandom, ClientRandom, HashSize, |