aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/src
diff options
context:
space:
mode:
authorAndreas Schultz <[email protected]>2012-08-15 18:44:31 +0200
committerIngela Anderton Andin <[email protected]>2012-08-22 14:00:46 +0200
commit191931c58ebc9f18efb2422d296b4a246119ab83 (patch)
tree6fe0016f47e534d294e36a768c2ec9cdf42ff893 /lib/ssl/src
parent332716f059f291eba836fb46071a9b3e718f43c0 (diff)
downloadotp-191931c58ebc9f18efb2422d296b4a246119ab83.tar.gz
otp-191931c58ebc9f18efb2422d296b4a246119ab83.tar.bz2
otp-191931c58ebc9f18efb2422d296b4a246119ab83.zip
ssl: TLS 1.2: fix Certificate Request list of Accepted Signatur/Hash combinations
Diffstat (limited to 'lib/ssl/src')
-rw-r--r--lib/ssl/src/ssl_handshake.erl13
1 files changed, 7 insertions, 6 deletions
diff --git a/lib/ssl/src/ssl_handshake.erl b/lib/ssl/src/ssl_handshake.erl
index d096bc347d..9d251054c9 100644
--- a/lib/ssl/src/ssl_handshake.erl
+++ b/lib/ssl/src/ssl_handshake.erl
@@ -322,7 +322,7 @@ certificate_request(ConnectionStates, CertDbHandle, CertDbRef) ->
#security_parameters{cipher_suite = CipherSuite}} =
ssl_record:pending_connection_state(ConnectionStates, read),
Types = certificate_types(CipherSuite),
- HashSigns = hashsign_algorithms(CipherSuite),
+ HashSigns = default_hash_signs(),
Authorities = certificate_authorities(CertDbHandle, CertDbRef),
#certificate_request{
certificate_types = Types,
@@ -911,8 +911,10 @@ dec_hs({Major, Minor}, ?CERTIFICATE_REQUEST,
?UINT16(HashSignsLen), HashSigns:HashSignsLen/binary,
?UINT16(CertAuthsLen), CertAuths:CertAuthsLen/binary>>)
when Major == 3, Minor >= 3 ->
+ HashSignAlgos = [{ssl_cipher:hash_algorithm(Hash), ssl_cipher:sign_algorithm(Sign)} ||
+ <<?BYTE(Hash), ?BYTE(Sign)>> <= HashSigns],
#certificate_request{certificate_types = CertTypes,
- hashsign_algorithms = HashSigns,
+ hashsign_algorithms = #hash_sign_algos{hash_sign_algos = HashSignAlgos},
certificate_authorities = CertAuths};
dec_hs(_Version, ?CERTIFICATE_REQUEST,
<<?BYTE(CertTypesLen), CertTypes:CertTypesLen/binary,
@@ -1061,10 +1063,12 @@ enc_hs(#server_key_exchange{params = #server_dh_params{
Signature/binary>>
};
enc_hs(#certificate_request{certificate_types = CertTypes,
- hashsign_algorithms = HashSigns,
+ hashsign_algorithms = #hash_sign_algos{hash_sign_algos = HashSignAlgos},
certificate_authorities = CertAuths},
{Major, Minor})
when Major == 3, Minor >= 3 ->
+ HashSigns= << <<(ssl_cipher:hash_algorithm(Hash)):8, (ssl_cipher:sign_algorithm(Sign)):8>> ||
+ {Hash, Sign} <- HashSignAlgos >>,
CertTypesLen = byte_size(CertTypes),
HashSignsLen = byte_size(HashSigns),
CertAuthsLen = byte_size(CertAuths),
@@ -1178,9 +1182,6 @@ hashsign_enc(HashAlgo, SignAlgo) ->
Sign = ssl_cipher:sign_algorithm(SignAlgo),
<<?BYTE(Hash), ?BYTE(Sign)>>.
-hashsign_algorithms(_) ->
- hashsign_enc(sha, rsa).
-
certificate_authorities(CertDbHandle, CertDbRef) ->
Authorities = certificate_authorities_from_db(CertDbHandle, CertDbRef),
Enc = fun(#'OTPCertificate'{tbsCertificate=TBSCert}) ->