Merge branch 'ia/ssl/partial_chain/OTP-12149' into maint

* ia/ssl/partial_chain/OTP-12149:
  ssl: One more workaround as tcp has no delivery gurantee on application level
  ssl: Prepare for release - soft upgrade
  ssl, public_key: Add new option partial_chain

1 files changed, 15 insertions, 1 deletions

diff --git a/lib/ssl/src/tls_connection.erl b/lib/ssl/src/tls_connection.erl
index 26de51985a..7df73fb581 100644
--- a/lib/ssl/src/tls_connection.erl
+++ b/lib/ssl/src/tls_connection.erl
@@ -329,7 +329,10 @@ terminate(Reason, StateName, State) ->
 %% code_change(OldVsn, StateName, State, Extra) -> {ok, StateName, NewState}
 %% Description: Convert process state when code is changed
 %%--------------------------------------------------------------------
-code_change(_OldVsn, StateName, State, _Extra) ->
+code_change(_OldVsn, StateName, State0, {Direction, From, To}) ->
+    State = convert_state(State0, Direction, From, To),
+    {ok, StateName, State};
+code_change(_OldVsn, StateName, State, _) ->
     {ok, StateName, State}.
 
 format_status(Type, Data) ->
@@ -958,3 +961,14 @@ workaround_transport_delivery_problems(Socket, gen_tcp = Transport) ->
     Transport:recv(Socket, 0, 30000);
 workaround_transport_delivery_problems(Socket, Transport) ->
     Transport:close(Socket).
+
+convert_state(#state{ssl_options = Options} = State, up, "5.3.5", "5.3.6") ->
+    State#state{ssl_options = convert_options_partial_chain(Options, up)};
+convert_state(#state{ssl_options = Options} = State, down, "5.3.6", "5.3.5") ->
+    State#state{ssl_options = convert_options_partial_chain(Options, down)}.
+
+convert_options_partial_chain(Options, up) ->
+    {Head, Tail} = lists:split(5, tuple_to_list(Options)),
+    list_to_tuple(Head ++ [{partial_chain, fun(_) -> unknown_ca end}] ++ Tail);
+convert_options_partial_chain(Options, down) ->
+    list_to_tuple(proplists:delete(partial_chain, tuple_to_list(Options))).