authorPéter Dimitrov <[email protected]>2019-02-27 15:38:12 +0100
committerPéter Dimitrov <[email protected]>2019-03-04 16:24:53 +0100
commit85f04feeb89d12443d12c7e233712bf8c299e187 (patch)
tree7ed84baa5f0678be30de46c291ff1d2030f713b0 /lib/ssl/src/tls_connection_1_3.erl
parent0651ad7a32d6dabbab22993d629e4170e9952167 (diff)
ssl: Implement state 'wait_cert'
Implement state 'wait_cert' with its handler function do_wait_cert/2. Send CertificateRequest if peer verification is enabled. Send Alert 'certificate required' if client answers with empty Certificate and option 'fail_if_no_peer_cert' is set to true. Change-Id: I72c73bcb6bc68ea60e6fe41cdd29ccfe40d18322
Diffstat (limited to 'lib/ssl/src/tls_connection_1_3.erl')
-rw-r--r--lib/ssl/src/tls_connection_1_3.erl28
1 files changed, 25 insertions, 3 deletions
diff --git a/lib/ssl/src/tls_connection_1_3.erl b/lib/ssl/src/tls_connection_1_3.erl
index 71ac6a9310..3c292a43b0 100644
--- a/lib/ssl/src/tls_connection_1_3.erl
+++ b/lib/ssl/src/tls_connection_1_3.erl
@@ -110,6 +110,7 @@
%% gen_statem helper functions
-export([start/4,
negotiated/4,
+ wait_cert/4,
wait_finished/4
]).
@@ -140,12 +141,33 @@ negotiated(internal, Map, State0, _Module) ->
case tls_handshake_1_3:do_negotiated(Map, State0) of
#alert{} = Alert ->
ssl_connection:handle_own_alert(Alert, {3,4}, negotiated, State0);
- State ->
- {next_state, wait_finished, State, []}
-
+ {State, NextState} ->
+ {next_state, NextState, State, []}
end.
+wait_cert(internal,
+ #change_cipher_spec{} = ChangeCipherSpec, State0, _Module) ->
+ case tls_handshake_1_3:do_wait_cert(ChangeCipherSpec, State0) of
+ #alert{} = Alert ->
+ ssl_connection:handle_own_alert(Alert, {3,4}, wait_cert, State0);
+ {State1, NextState} ->
+ {Record, State} = tls_connection:next_record(State1),
+ tls_connection:next_event(NextState, Record, State)
+ end;
+wait_cert(internal,
+ #certificate_1_3{} = Certificate, State0, _Module) ->
+ case tls_handshake_1_3:do_wait_cert(Certificate, State0) of
+ {#alert{} = Alert, State} ->
+ ssl_connection:handle_own_alert(Alert, {3,4}, wait_cert, State);
+ {State1, NextState} ->
+ {Record, State} = tls_connection:next_record(State1),
+ tls_connection:next_event(NextState, Record, State)
+ end;
+wait_cert(Type, Msg, State, Connection) ->
+ ssl_connection:handle_common_event(Type, Msg, ?FUNCTION_NAME, State, Connection).
+
+
wait_finished(internal,
#change_cipher_spec{} = ChangeCipherSpec, State0, _Module) ->
case tls_handshake_1_3:do_wait_finished(ChangeCipherSpec, State0) of
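Review bot: The two new wait_cert/4 clauses expect different alert shapes from tls_handshake_1_3:do_wait_cert/2: the #change_cipher_spec{} clause matches a bare `#alert{} = Alert` and reports it with State0, while the #certificate_1_3{} clause matches `{#alert{} = Alert, State}`. do_wait_cert/2 is not visible in this diff, but if it returns the tuple form for both inputs, the first clause would fall through to `{State1, NextState}` and bind the alert record as the connection state instead of sending the alert, in the very state that enforces the client-certificate requirement. I would add `{#alert{} = Alert, State} -> ssl_connection:handle_own_alert(Alert, {3,4}, wait_cert, State);` ahead of the generic tuple pattern in the first clause as well, or at least document the return contract of do_wait_cert/2 with a -spec or comment. The same ordering concern applies to negotiated/4, which now matches `{State, NextState}` after a bare `#alert{}`. The body of wait_finished/4 continues outside the hunk.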