diff options
author | Ingela Anderton Andin <[email protected]> | 2012-09-19 12:14:20 +0200 |
---|---|---|
committer | Ingela Anderton Andin <[email protected]> | 2012-09-20 14:37:18 +0200 |
commit | 1e0d466f198842cfed14f4fae906381c39bd2050 (patch) | |
tree | 235cb51d84caab78cdc39f03c6e56fb4e745c470 /lib/ssl/src | |
parent | 33afc30ff8e59af6b066b2212c6c6e4545758d0f (diff) | |
download | otp-1e0d466f198842cfed14f4fae906381c39bd2050.tar.gz otp-1e0d466f198842cfed14f4fae906381c39bd2050.tar.bz2 otp-1e0d466f198842cfed14f4fae906381c39bd2050.zip |
ssl: Changed default behaviour of next protocol negotiation to make
more "sense" (be true to the specification).
Diffstat (limited to 'lib/ssl/src')
-rw-r--r-- | lib/ssl/src/ssl.erl | 26 | ||||
-rw-r--r-- | lib/ssl/src/ssl_handshake.erl | 8 | ||||
-rw-r--r-- | lib/ssl/src/ssl_handshake.hrl | 2 |
3 files changed, 22 insertions, 14 deletions
diff --git a/lib/ssl/src/ssl.erl b/lib/ssl/src/ssl.erl index 9ed6acd43a..c72c4d7a93 100644 --- a/lib/ssl/src/ssl.erl +++ b/lib/ssl/src/ssl.erl @@ -39,6 +39,7 @@ -include("ssl_internal.hrl"). -include("ssl_record.hrl"). -include("ssl_cipher.hrl"). +-include("ssl_handshake.hrl"). -include_lib("public_key/include/public_key.hrl"). @@ -745,11 +746,16 @@ validate_option(hibernate_after, Value) when is_integer(Value), Value >= 0 -> validate_option(erl_dist,Value) when Value == true; Value == false -> Value; -validate_option(client_preferred_next_protocols, {FallbackProtocol, Order, PreferredProtocols} = Value) - when is_list(PreferredProtocols), is_binary(FallbackProtocol), - byte_size(FallbackProtocol) > 0, byte_size(FallbackProtocol) < 256 -> +validate_option(client_preferred_next_protocols, {Precedence, PreferredProtocols}) + when is_list(PreferredProtocols) -> validate_binary_list(client_preferred_next_protocols, PreferredProtocols), - validate_npn_ordering(Order), + validate_npn_ordering(Precedence), + {Precedence, PreferredProtocols, ?NO_PROTOCOL}; +validate_option(client_preferred_next_protocols, {Precedence, PreferredProtocols, Default} = Value) + when is_list(PreferredProtocols), is_binary(Default), + byte_size(Default) > 0, byte_size(Default) < 256 -> + validate_binary_list(client_preferred_next_protocols, PreferredProtocols), + validate_npn_ordering(Precedence), Value; validate_option(client_preferred_next_protocols, undefined) -> undefined; @@ -766,7 +772,7 @@ validate_npn_ordering(client) -> validate_npn_ordering(server) -> ok; validate_npn_ordering(Value) -> - throw({error, {eoptions, {client_preferred_next_protocols, Value}}}). + throw({error, {eoptions, {client_preferred_next_protocols, {invalid_precedence, Value}}}}). validate_binary_list(Opt, List) -> lists:foreach( @@ -775,7 +781,7 @@ validate_binary_list(Opt, List) -> byte_size(Bin) < 256 -> ok; (Bin) -> - throw({error, {eoptions, {Opt, Bin}}}) + throw({error, {eoptions, {Opt, {invalid_protocol, Bin}}}}) end, List). validate_versions([], Versions) -> @@ -896,18 +902,18 @@ detect(Pred, [H|T]) -> make_next_protocol_selector(undefined) -> undefined; -make_next_protocol_selector({FallbackProtocol, client, AllProtocols}) -> +make_next_protocol_selector({client, AllProtocols, DefaultProtocol}) -> fun(AdvertisedProtocols) -> case detect(fun(PreferredProtocol) -> lists:member(PreferredProtocol, AdvertisedProtocols) end, AllProtocols) of - undefined -> FallbackProtocol; + undefined -> DefaultProtocol; PreferredProtocol -> PreferredProtocol end end; -make_next_protocol_selector({FallbackProtocol, server, AllProtocols}) -> +make_next_protocol_selector({server, AllProtocols, DefaultProtocol}) -> fun(AdvertisedProtocols) -> case detect(fun(PreferredProtocol) -> lists:member(PreferredProtocol, AllProtocols) end, AdvertisedProtocols) of - undefined -> FallbackProtocol; + undefined -> DefaultProtocol; PreferredProtocol -> PreferredProtocol end end. diff --git a/lib/ssl/src/ssl_handshake.erl b/lib/ssl/src/ssl_handshake.erl index 3b114c1f9c..695721d51a 100644 --- a/lib/ssl/src/ssl_handshake.erl +++ b/lib/ssl/src/ssl_handshake.erl @@ -741,10 +741,10 @@ select_next_protocol({error, _Reason}, _NextProtocolSelector) -> ?ALERT_REC(?FATAL, ?HANDSHAKE_FAILURE); select_next_protocol(Protocols, NextProtocolSelector) -> case NextProtocolSelector(Protocols) of - Protocol when is_binary(Protocol), byte_size(Protocol) > 0 -> - Protocol; - _ -> - ?ALERT_REC(?FATAL, ?INTERNAL_ERROR) % we are broken internally :( api presently stops this but we might let it happen in future + ?NO_PROTOCOL -> + ?ALERT_REC(?FATAL, ?HANDSHAKE_FAILURE); + Protocol when is_binary(Protocol) -> + Protocol end. handle_renegotiation_info(_, #renegotiation_info{renegotiated_connection = ?byte(0)}, diff --git a/lib/ssl/src/ssl_handshake.hrl b/lib/ssl/src/ssl_handshake.hrl index bd583e5d92..a4ce48c291 100644 --- a/lib/ssl/src/ssl_handshake.hrl +++ b/lib/ssl/src/ssl_handshake.hrl @@ -33,6 +33,8 @@ -type public_key_info() :: {algo_oid(), #'RSAPublicKey'{} | integer() , public_key_params()}. -type tls_handshake_history() :: {[binary()], [binary()]}. +-define(NO_PROTOCOL, <<>>). + %% Signature algorithms -define(ANON, 0). -define(RSA, 1). |