aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl
diff options
context:
space:
mode:
authorIngela Anderton Andin <[email protected]>2017-08-14 09:52:26 +0200
committerIngela Anderton Andin <[email protected]>2017-08-23 08:53:56 +0200
commit7e3d979418747e30e55274c6b5ea805625e19dc4 (patch)
tree0d216bee26db0adf98b2f015e8e755d13372d845 /lib/ssl
parenteb4ef92b083f9874b5b4db1f1060585fbb653779 (diff)
downloadotp-7e3d979418747e30e55274c6b5ea805625e19dc4.tar.gz
otp-7e3d979418747e30e55274c6b5ea805625e19dc4.tar.bz2
otp-7e3d979418747e30e55274c6b5ea805625e19dc4.zip
ssl: negotiated_hashsign/4 expects TLS version to function correctly
Only DTLS specific code deals with DTLS version, when common code is used the DTLS version should be converted to the corresponding TLS version.
Diffstat (limited to 'lib/ssl')
-rw-r--r--lib/ssl/src/ssl_connection.erl5
1 files changed, 3 insertions, 2 deletions
diff --git a/lib/ssl/src/ssl_connection.erl b/lib/ssl/src/ssl_connection.erl
index 1afc4ad2af..5cd66387ae 100644
--- a/lib/ssl/src/ssl_connection.erl
+++ b/lib/ssl/src/ssl_connection.erl
@@ -673,10 +673,11 @@ cipher(internal, #certificate_verify{signature = Signature,
tls_handshake_history = Handshake
} = State0, Connection) ->
+ TLSVersion = ssl:tls_version(Version),
%% Use negotiated value if TLS-1.2 otherwhise return default
- HashSign = negotiated_hashsign(CertHashSign, KexAlg, PublicKeyInfo, Version),
+ HashSign = negotiated_hashsign(CertHashSign, KexAlg, PublicKeyInfo, TLSVersion),
case ssl_handshake:certificate_verify(Signature, PublicKeyInfo,
- ssl:tls_version(Version), HashSign, MasterSecret, Handshake) of
+ TLSVersion, HashSign, MasterSecret, Handshake) of
valid ->
{Record, State} = Connection:next_record(State0),
Connection:next_event(cipher, Record,