aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/src
diff options
context:
space:
mode:
authorPéter Dimitrov <[email protected]>2019-03-07 16:34:38 +0100
committerPéter Dimitrov <[email protected]>2019-03-07 16:34:38 +0100
commitecdfcfd6e85747b37881f873a64ee5ea068a94d1 (patch)
tree24006033527bf3d17b00dd984fdf8f090aaae2a6 /lib/ssl/src
parent0d37395176d63bb08c5cdbd46466630a132ea5b4 (diff)
downloadotp-ecdfcfd6e85747b37881f873a64ee5ea068a94d1.tar.gz
otp-ecdfcfd6e85747b37881f873a64ee5ea068a94d1.tar.bz2
otp-ecdfcfd6e85747b37881f873a64ee5ea068a94d1.zip
ssl: Fix get_handshake_context/2
Split get_handshake_context/2 into two functions. The new get_handshake_context_cv/2 returns the context for the verification of CertificateVerify. Change-Id: I461eb67bda1d9c1673e463d417c3e838fca6b40c
Diffstat (limited to 'lib/ssl/src')
-rw-r--r--lib/ssl/src/tls_handshake_1_3.erl14
1 files changed, 10 insertions, 4 deletions
diff --git a/lib/ssl/src/tls_handshake_1_3.erl b/lib/ssl/src/tls_handshake_1_3.erl
index c250e95029..9c6c9190a1 100644
--- a/lib/ssl/src/tls_handshake_1_3.erl
+++ b/lib/ssl/src/tls_handshake_1_3.erl
@@ -993,6 +993,8 @@ cipher_init(Key, IV, FinishedKey) ->
tag_len = 16}.
+%% Get handshake context for verification of CertificateVerify.
+%%
%% Verify CertificateVerify:
%% ClientHello (client) (1)
%% ServerHello (server) (2)
@@ -1003,8 +1005,12 @@ cipher_init(Key, IV, FinishedKey) ->
%% Finished (server) (20)
%% Certificate (client) (11)
%% CertificateVerify (client) (15) - Drop! Not included in calculations!
-get_handshake_context({[<<15,_/binary>>|Messages], _}) ->
- Messages;
+get_handshake_context_cv({[<<15,_/binary>>|Messages], _}) ->
+ Messages.
+
+
+%% Get handshake context for traffic key calculation.
+%%
%% Client is authenticated with certificate:
%% ClientHello (client) (1)
%% ServerHello (server) (2)
@@ -1062,7 +1068,7 @@ verify_signature_algorithm(#state{ssl_options =
State1 = calculate_traffic_secrets(State0),
State = ssl_record:step_encryption_state(State1),
{error, {{handshake_failure,
- "CertificateVerify has a not supported signature algorithm"}, State}}
+ "CertificateVerify uses unsupported signature algorithm"}, State}}
end.
@@ -1081,7 +1087,7 @@ verify_certificate_verify(#state{connection_states = ConnectionStates,
{HashAlgo, _, _} =
ssl_cipher:scheme_to_components(SignatureScheme),
- Messages = get_handshake_context(HHistory),
+ Messages = get_handshake_context_cv(HHistory),
Context = lists:reverse(Messages),