author | Péter Dimitrov <[email protected]> | 2019-02-27 15:38:12 +0100 |
---|---|---|
committer | Péter Dimitrov <[email protected]> | 2019-03-04 16:24:53 +0100 |
commit | 85f04feeb89d12443d12c7e233712bf8c299e187 (patch) | |
tree | 7ed84baa5f0678be30de46c291ff1d2030f713b0 /lib/ssl/src/tls_connection_1_3.erl | |
parent | 0651ad7a32d6dabbab22993d629e4170e9952167 (diff) | |
ssl: Implement state 'wait_cert'
Implement state 'wait_cert' with its handler function
do_wait_cert/2.
Send CertificateRequest if peer verification is enabled.
Send Alert 'certificate required' if client answers with empty
Certificate and option 'fail_if_no_peer_cert' is set to true.
Change-Id: I72c73bcb6bc68ea60e6fe41cdd29ccfe40d18322
Diffstat (limited to 'lib/ssl/src/tls_connection_1_3.erl')
-rw-r--r-- | lib/ssl/src/tls_connection_1_3.erl | 28 |
1 files changed, 25 insertions, 3 deletions
diff --git a/lib/ssl/src/tls_connection_1_3.erl b/lib/ssl/src/tls_connection_1_3.erl
index 71ac6a9310..3c292a43b0 100644
--- a/lib/ssl/src/tls_connection_1_3.erl
+++ b/lib/ssl/src/tls_connection_1_3.erl
@@ -110,6 +110,7 @@
 %% gen_statem helper functions
 -export([start/4,
 negotiated/4,
+ wait_cert/4,
 wait_finished/4
 ]).
@@ -140,12 +141,33 @@ negotiated(internal, Map, State0, _Module) ->
 case tls_handshake_1_3:do_negotiated(Map, State0) of
 #alert{} = Alert ->
 ssl_connection:handle_own_alert(Alert, {3,4}, negotiated, State0);
- State ->
- {next_state, wait_finished, State, []}
-
+ {State, NextState} ->
+ {next_state, NextState, State, []}
 end.
+wait_cert(internal,
+ #change_cipher_spec{} = ChangeCipherSpec, State0, _Module) ->
+ case tls_handshake_1_3:do_wait_cert(ChangeCipherSpec, State0) of
+ #alert{} = Alert ->
+ ssl_connection:handle_own_alert(Alert, {3,4}, wait_cert, State0);
+ {State1, NextState} ->
+ {Record, State} = tls_connection:next_record(State1),
+ tls_connection:next_event(NextState, Record, State)
+ end;
+wait_cert(internal,
+ #certificate_1_3{} = Certificate, State0, _Module) ->
+ case tls_handshake_1_3:do_wait_cert(Certificate, State0) of
+ {#alert{} = Alert, State} ->
+ ssl_connection:handle_own_alert(Alert, {3,4}, wait_cert, State);
+ {State1, NextState} ->
+ {Record, State} = tls_connection:next_record(State1),
+ tls_connection:next_event(NextState, Record, State)
+ end;
+wait_cert(Type, Msg, State, Connection) ->
+ ssl_connection:handle_common_event(Type, Msg, ?FUNCTION_NAME, State, Connection).
+
+
 wait_finished(internal,
 #change_cipher_spec{} = ChangeCipherSpec, State0, _Module) ->
 case tls_handshake_1_3:do_wait_finished(ChangeCipherSpec, State0) of |
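Review bot: The two new `wait_cert/4` clauses expect different failure shapes from `tls_handshake_1_3:do_wait_cert/2`: the `#change_cipher_spec{}` clause matches a bare `#alert{} = Alert`, while the `#certificate_1_3{}` clause matches `{#alert{} = Alert, State}`. The success pattern `{State1, NextState}` accepts any 2-tuple, so if the change_cipher_spec path ever returns the tuple form (do_wait_cert/2 is not part of this diff, so this is unverified), the alert would be treated as success and handed to `tls_connection:next_record/1` instead of `ssl_connection:handle_own_alert/4`. Since this state enforces `fail_if_no_peer_cert`, I would have the first clause also match `{#alert{} = Alert, State}` ahead of the success branch and narrow that branch, e.g. `{State1, NextState} when is_atom(NextState) ->`. The rewritten `{State, NextState}` branch in `negotiated/4` has the same loose shape and would benefit from the same guard.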