ssl: Make sure that a correct cipher suite is selected

The keyexchange ECDHE-RSA requires an RSA-keyed server cert (corresponding for ECDHE-ECDSA), the code did not assert this resulting in that a incorrect cipher suite could be selected. Alas test code was also wrong hiding the error.
author: Ingela Anderton Andin <[email protected]> 2018-08-06 13:04:25 +0200
committer: Ingela Anderton Andin <[email protected]> 2018-08-09 16:09:02 +0200
commit: 803bc2a1df253ff43255a9407672030fe2b4afd5 (patch)
tree: 65479e5a3bcafac87eff009c17530655d76a3aa7 /lib/ssl/src
parent: ca9f2fe073b587e70b5502c87be3eca6f72ddd57 (diff)
download: otp-803bc2a1df253ff43255a9407672030fe2b4afd5.tar.gz
otp-803bc2a1df253ff43255a9407672030fe2b4afd5.tar.bz2
otp-803bc2a1df253ff43255a9407672030fe2b4afd5.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/lib/ssl/src/ssl_cipher.erl b/lib/ssl/src/ssl_cipher.erl
index 50dadd0903..1aeb415bd9 100644
--- a/lib/ssl/src/ssl_cipher.erl
+++ b/lib/ssl/src/ssl_cipher.erl
@@ -2777,6 +2777,8 @@ ecdsa_signed_suites(Ciphers, Version) ->
 
 rsa_keyed(dhe_rsa) -> 
     true;
+rsa_keyed(ecdhe_rsa) -> 
+    true;
 rsa_keyed(rsa) -> 
     true;
 rsa_keyed(rsa_psk) -> 
@@ -2840,6 +2842,8 @@ ec_keyed(ecdh_ecdsa) ->
     true;
 ec_keyed(ecdh_rsa) ->
     true;
+ec_keyed(ecdhe_ecdsa) ->
+    true;
 ec_keyed(_) -> 
     false.
author	Ingela Anderton Andin <[email protected]>	2018-08-06 13:04:25 +0200
committer	Ingela Anderton Andin <[email protected]>	2018-08-09 16:09:02 +0200
commit	803bc2a1df253ff43255a9407672030fe2b4afd5 (patch)
tree	65479e5a3bcafac87eff009c17530655d76a3aa7 /lib/ssl/src
parent	ca9f2fe073b587e70b5502c87be3eca6f72ddd57 (diff)
download	otp-803bc2a1df253ff43255a9407672030fe2b4afd5.tar.gz otp-803bc2a1df253ff43255a9407672030fe2b4afd5.tar.bz2 otp-803bc2a1df253ff43255a9407672030fe2b4afd5.zip