author | Ingela Andin <[email protected]> | 2018-07-05 15:04:29 +0200 |
---|---|---|
committer | GitHub <[email protected]> | 2018-07-05 15:04:29 +0200 |
commit | f67bc13009002c23695a02e8323226bc03eca3f5 (patch) | |
tree | b9dbadd8410bbaad6d16cf39cf2eb120dd681152 /lib/ssl/src | |
parent | 99789794474140049a1939c4e4789b28dfe80e49 (diff) | |
parent | f610e27fe71d0b6a19eb836c3d13cc8de610b9ef (diff) | |
Merge pull request #1866 from IngelaAndin/ingela/ssl/PSK-hash-sign-selection/ERL-641
Failing to recognize PSK as an anonymous key exchange would fail the connection
when trying to decode an undefined certificate
OTP-15172
Diffstat (limited to 'lib/ssl/src')
-rw-r--r-- | lib/ssl/src/ssl_connection.erl | 3 | ||||
-rw-r--r-- | lib/ssl/src/ssl_handshake.erl | 3 |
2 files changed, 4 insertions, 2 deletions
diff --git a/lib/ssl/src/ssl_connection.erl b/lib/ssl/src/ssl_connection.erl
index 556c204ab1..c5f75894cd 100644
--- a/lib/ssl/src/ssl_connection.erl
+++ b/lib/ssl/src/ssl_connection.erl
@@ -1482,6 +1482,7 @@ connection_info(#state{sni_hostname = SNIHostname,
 [{protocol, RecordCB:protocol_version(Version)},
 {session_id, SessionId},
 {cipher_suite, ssl_cipher:erl_suite_definition(CipherSuiteDef)},
+ {selected_cipher_suite, CipherSuiteDef},
 {sni_hostname, SNIHostname} | CurveInfo] ++ ssl_options_list(Opts).
 
 security_info(#state{connection_states = ConnectionStates}) ->
@@ -2522,7 +2523,7 @@ ssl_options_list([ciphers = Key | Keys], [Value | Values], Acc) ->
 ssl_options_list(Keys, Values,
 [{Key, lists:map(
 fun(Suite) ->
- ssl_cipher:erl_suite_definition(Suite)
+ ssl_cipher:suite_definition(Suite)
 end, Value)}
 | Acc]);
 ssl_options_list([Key | Keys], [Value | Values], Acc) ->
diff --git a/lib/ssl/src/ssl_handshake.erl b/lib/ssl/src/ssl_handshake.erl
index 3028ae9617..76fc7ae3d1 100644
--- a/lib/ssl/src/ssl_handshake.erl
+++ b/lib/ssl/src/ssl_handshake.erl
@@ -1055,7 +1055,8 @@ select_curve(undefined, _, _) ->
 %%--------------------------------------------------------------------
 select_hashsign(_, _, KeyExAlgo, _, _Version) when KeyExAlgo == dh_anon;
 KeyExAlgo == ecdh_anon;
- KeyExAlgo == srp_anon ->
+ KeyExAlgo == srp_anon;
+ KeyExAlgo == psk ->
 {null, anon};
 %% The signature_algorithms extension was introduced with TLS 1.2. Ignore it if we have
 %% negotiated a lower version. |
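Review bot: The new `selected_cipher_suite` entry in connection_info has no comment saying how it differs from the `cipher_suite` entry directly above it, which passes the same `CipherSuiteDef` through `ssl_cipher:erl_suite_definition/1` while the new entry returns it unconverted. A short comment would help, for example `%% selected_cipher_suite is the unconverted suite definition; cipher_suite keeps the erl_suite_definition/1 format`. The binding of `CipherSuiteDef` and the start of connection_info are outside the hunk, so the exact shape of the value cannot be confirmed from here. If this key is reachable through the public connection-information API, it presumably also needs a documentation entry, which the commit message does not mention.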
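Review bot: The `ciphers` entry built in ssl_options_list now uses `ssl_cipher:suite_definition/1`, while the `cipher_suite` entry in connection_info (first hunk of this file) still goes through `ssl_cipher:erl_suite_definition/1`, so one result list appears to mix two suite representations. Callers that pattern-match on the previous format of `ciphers` would likely stop matching, and neither the commit message nor a comment records the change. A comment on the clause such as `%% ciphers are returned as suite_definition/1 values, not the erl_suite_definition/1 format` would make the choice explicit. The wrapper fun could also be written `fun ssl_cipher:suite_definition/1`.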
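Review bot: The guard on select_hashsign adds only plain `psk`, so other certificate-less PSK key exchanges would still fall through to the clauses below and could hit the same undefined-certificate decode failure the commit message describes. If `dhe_psk` and `ecdhe_psk` can reach this function, they belong in the same guard: `KeyExAlgo == psk; KeyExAlgo == dhe_psk; KeyExAlgo == ecdhe_psk ->`. `rsa_psk` authenticates the server with a certificate and should stay out of the anonymous clause. The remaining clauses of select_hashsign are outside the hunk, so whether they already cover these cases needs to be checked there. A handshake test per PSK key exchange would keep this from regressing.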