aboutsummaryrefslogtreecommitdiffstats
path: root/lib
diff options
context:
space:
mode:
authorPéter Dimitrov <[email protected]>2018-11-16 10:53:37 +0100
committerPéter Dimitrov <[email protected]>2018-11-20 09:55:54 +0100
commitf75e1a8b00c3f678d21b4f62a0140b50a4404504 (patch)
tree837172f74cdca566dc7ee98544b2f76cb37b3517 /lib
parent5667810578357122b3a49949c3e7826f652833c2 (diff)
downloadotp-f75e1a8b00c3f678d21b4f62a0140b50a4404504.tar.gz
otp-f75e1a8b00c3f678d21b4f62a0140b50a4404504.tar.bz2
otp-f75e1a8b00c3f678d21b4f62a0140b50a4404504.zip
ssl: Fix handling of "signature_algs" in ClientHello
Use signature schemes in the "signature_algs" extension when creating TLS 1.3 ClientHello extensions. Change-Id: I1402bec659c70352a4a2200146911fd4246d2fe2
Diffstat (limited to 'lib')
-rw-r--r--lib/ssl/src/ssl_handshake.erl24
1 files changed, 16 insertions, 8 deletions
diff --git a/lib/ssl/src/ssl_handshake.erl b/lib/ssl/src/ssl_handshake.erl
index 7dec0a283f..0b2ecfc981 100644
--- a/lib/ssl/src/ssl_handshake.erl
+++ b/lib/ssl/src/ssl_handshake.erl
@@ -1037,15 +1037,14 @@ client_hello_extensions(Version, CipherSuites, SslOpts, ConnectionStates, Renego
maybe_add_tls13_extensions(Version, HelloExtensions1, SslOpts, KeyShare).
-add_tls12_extensions(Version,
- #ssl_options{signature_algs = SupportedHashSigns} = SslOpts,
+add_tls12_extensions(_Version,
+ SslOpts,
ConnectionStates,
Renegotiation) ->
SRP = srp_user(SslOpts),
#{renegotiation_info => renegotiation_info(tls_record, client,
ConnectionStates, Renegotiation),
srp => SRP,
- signature_algs => available_signature_algs(SupportedHashSigns, Version),
alpn => encode_alpn(SslOpts#ssl_options.alpn_advertised_protocols, Renegotiation),
next_protocol_negotiation =>
encode_client_protocol_negotiation(SslOpts#ssl_options.next_protocol_selector,
@@ -1058,16 +1057,19 @@ add_common_extensions({3,4},
HelloExtensions,
_CipherSuites,
#ssl_options{eccs = SupportedECCs,
- supported_groups = Groups}) ->
+ supported_groups = Groups,
+ signature_algs = SignatureSchemes}) ->
{EcPointFormats, _} =
client_ecc_extensions(SupportedECCs),
HelloExtensions#{ec_point_formats => EcPointFormats,
- elliptic_curves => Groups};
+ elliptic_curves => Groups,
+ signature_algs => signature_algs_ext(SignatureSchemes)};
-add_common_extensions(_Version,
+add_common_extensions(Version,
HelloExtensions,
CipherSuites,
- #ssl_options{eccs = SupportedECCs}) ->
+ #ssl_options{eccs = SupportedECCs,
+ signature_algs = SupportedHashSigns}) ->
{EcPointFormats, EllipticCurves} =
case advertises_ec_ciphers(
@@ -1079,7 +1081,8 @@ add_common_extensions(_Version,
{undefined, undefined}
end,
HelloExtensions#{ec_point_formats => EcPointFormats,
- elliptic_curves => EllipticCurves}.
+ elliptic_curves => EllipticCurves,
+ signature_algs => available_signature_algs(SupportedHashSigns, Version)}.
maybe_add_tls13_extensions({3,4},
@@ -1154,6 +1157,11 @@ maybe_add_key_share(HelloExtensions, KeyShare) ->
client_shares = ClientShares}}.
+signature_algs_ext(undefined) ->
+ undefined;
+signature_algs_ext(SignatureSchemes) ->
+ #signature_algorithms{signature_scheme_list = SignatureSchemes}.
+
signature_algs_cert(undefined) ->
undefined;
signature_algs_cert(SignatureSchemes) ->