aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/src
diff options
context:
space:
mode:
authorErlang/OTP <[email protected]>2010-01-19 09:16:47 +0000
committerErlang/OTP <[email protected]>2010-01-19 09:16:47 +0000
commitce6ca6867f86c8ba876765d25c52cb80a1c10ad4 (patch)
tree8ac2bd7e5417314ffd1dbfb8878a9f73731e5e37 /lib/ssl/src
parente6de285d99aefc1a9de11e6eca187a12fdaf7378 (diff)
parentfe93630eaef3c403edda47e0531dbd5c11c2aa4a (diff)
downloadotp-ce6ca6867f86c8ba876765d25c52cb80a1c10ad4.tar.gz
otp-ce6ca6867f86c8ba876765d25c52cb80a1c10ad4.tar.bz2
otp-ce6ca6867f86c8ba876765d25c52cb80a1c10ad4.zip
Merge branch 'dgud/ssl-patches-from-Wil' into ccase/r13b04_dev
* dgud/ssl-patches-from-Wil: Added a public_key:pkix_transform/2 instead and used it from ssl. Minor code cleanup new_ssl fix session reuse Code cleanup Send CA list during Certificate Request in new_ssl OTP-8372 Fixed session reuse (in new_ssl), thanks Wil Tan. Send CA list during Certificate Request (in new_ssl) , thanks Wil Tan.
Diffstat (limited to 'lib/ssl/src')
-rw-r--r--lib/ssl/src/ssl_connection.erl23
-rw-r--r--lib/ssl/src/ssl_handshake.erl38
2 files changed, 41 insertions, 20 deletions
diff --git a/lib/ssl/src/ssl_connection.erl b/lib/ssl/src/ssl_connection.erl
index 178c055cdf..d9377fe3d6 100644
--- a/lib/ssl/src/ssl_connection.erl
+++ b/lib/ssl/src/ssl_connection.erl
@@ -1,19 +1,19 @@
%%
%% %CopyrightBegin%
-%%
-%% Copyright Ericsson AB 2007-2009. All Rights Reserved.
-%%
+%%
+%% Copyright Ericsson AB 2007-2010. All Rights Reserved.
+%%
%% The contents of this file are subject to the Erlang Public License,
%% Version 1.1, (the "License"); you may not use this file except in
%% compliance with the License. You should have received a copy of the
%% Erlang Public License along with this software. If not, it can be
%% retrieved online at http://www.erlang.org/.
-%%
+%%
%% Software distributed under the License is distributed on an "AS IS"
%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
%% the License for the specific language governing rights and limitations
%% under the License.
-%%
+%%
%% %CopyrightEnd%
%%
@@ -1115,13 +1115,12 @@ do_server_hello(Type, #state{negotiated_version = Version,
case ssl_handshake:master_secret(Version, Session,
ConnectionStates0, server) of
{_, ConnectionStates1} ->
- {ConnectionStates, Hashes} =
- finished(State#state{connection_states =
- ConnectionStates1}),
- {next_state, abbreviated,
- next_record(State#state{connection_states =
- ConnectionStates,
- tls_handshake_hashes = Hashes})};
+ State1 = State#state{connection_states=ConnectionStates1,
+ session = Session},
+ {ConnectionStates, Hashes} = finalize_server_handshake(State1),
+ Resumed = State1#state{connection_states = ConnectionStates,
+ tls_handshake_hashes = Hashes},
+ {next_state, abbreviated, next_record(Resumed)};
#alert{} = Alert ->
handle_own_alert(Alert, Version, hello, State),
{stop, normal, State}
diff --git a/lib/ssl/src/ssl_handshake.erl b/lib/ssl/src/ssl_handshake.erl
index 829e0c2ba6..8c598135ca 100644
--- a/lib/ssl/src/ssl_handshake.erl
+++ b/lib/ssl/src/ssl_handshake.erl
@@ -1,19 +1,19 @@
%%
%% %CopyrightBegin%
-%%
-%% Copyright Ericsson AB 2007-2009. All Rights Reserved.
-%%
+%%
+%% Copyright Ericsson AB 2007-2010. All Rights Reserved.
+%%
%% The contents of this file are subject to the Erlang Public License,
%% Version 1.1, (the "License"); you may not use this file except in
%% compliance with the License. You should have received a copy of the
%% Erlang Public License along with this software. If not, it can be
%% retrieved online at http://www.erlang.org/.
-%%
+%%
%% Software distributed under the License is distributed on an "AS IS"
%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
%% the License for the specific language governing rights and limitations
%% under the License.
-%%
+%%
%% %CopyrightEnd%
%%
@@ -860,9 +860,31 @@ certificate_types(_) ->
%% a RSA_FIXED_DH or DSS_FIXED_DH
<<?BYTE(?RSA_SIGN)>>.
-certificate_authorities(_) ->
- %%TODO Make list of know CA:s
- <<>>.
+certificate_authorities(CertDbRef) ->
+ Authorities = certificate_authorities_from_db(CertDbRef),
+ Enc = fun(#'OTPCertificate'{tbsCertificate=TBSCert}) ->
+ OTPSubj = TBSCert#'OTPTBSCertificate'.subject,
+ Subj = public_key:pkix_transform(OTPSubj, encode),
+ {ok, DNEncoded} = 'OTP-PUB-KEY':encode('Name', Subj),
+ DNEncodedBin = iolist_to_binary(DNEncoded),
+ DNEncodedLen = byte_size(DNEncodedBin),
+ <<?UINT16(DNEncodedLen), DNEncodedBin/binary>>
+ end,
+ list_to_binary([Enc(Cert) || {_, Cert} <- Authorities]).
+
+certificate_authorities_from_db(CertDbRef) ->
+ certificate_authorities_from_db(CertDbRef, no_candidate, []).
+
+certificate_authorities_from_db(CertDbRef, PrevKey, Acc) ->
+ case ssl_certificate_db:issuer_candidate(PrevKey) of
+ no_more_candidates ->
+ lists:reverse(Acc);
+ {{CertDbRef, _, _} = Key, Cert} ->
+ certificate_authorities_from_db(CertDbRef, Key, [Cert|Acc]);
+ {Key, _Cert} ->
+ %% skip certs not from this ssl connection
+ certificate_authorities_from_db(CertDbRef, Key, Acc)
+ end.
digitally_signed(Hashes, #'RSAPrivateKey'{} = Key) ->
public_key:encrypt_private(Hashes, Key,