Merge branch 'dgud/ssl-patches-from-Wil' into ccase/r13b04_dev

* dgud/ssl-patches-from-Wil:
  Added a public_key:pkix_transform/2 instead and used it from ssl.
  Minor code cleanup
  new_ssl fix session reuse
  Code cleanup
  Send CA list during Certificate Request in new_ssl

OTP-8372  Fixed session reuse (in new_ssl), thanks Wil Tan.

          Send CA list during Certificate Request (in new_ssl) , thanks Wil
          Tan.

4 files changed, 67 insertions, 32 deletions

diff --git a/lib/public_key/src/pubkey_cert_records.erl b/lib/public_key/src/pubkey_cert_records.erl
index 36b7c47a9c..c7d4080adb 100644
--- a/lib/public_key/src/pubkey_cert_records.erl
+++ b/lib/public_key/src/pubkey_cert_records.erl
@@ -1,19 +1,19 @@
 %%
 %% %CopyrightBegin%
-%% 
-%% Copyright Ericsson AB 2008-2009. All Rights Reserved.
-%% 
+%%
+%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
 %% compliance with the License. You should have received a copy of the
 %% Erlang Public License along with this software. If not, it can be
 %% retrieved online at http://www.erlang.org/.
-%% 
+%%
 %% Software distributed under the License is distributed on an "AS IS"
 %% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
 %% the License for the specific language governing rights and limitations
 %% under the License.
-%% 
+%%
 %% %CopyrightEnd%
 %%
 
@@ -23,7 +23,7 @@
 
 -include("public_key.hrl").
 
--export([decode_cert/2, encode_cert/1, encode_tbs_cert/1]).
+-export([decode_cert/2, encode_cert/1, encode_tbs_cert/1, transform/2]).
 
 -export([old_decode_cert/2, old_encode_cert/1]).  %% Debugging and testing new code.
 
diff --git a/lib/public_key/src/public_key.erl b/lib/public_key/src/public_key.erl
index b0b0b7a832..52c695523f 100644
--- a/lib/public_key/src/public_key.erl
+++ b/lib/public_key/src/public_key.erl
@@ -1,19 +1,19 @@
 %%
 %% %CopyrightBegin%
-%% 
-%% Copyright Ericsson AB 2008-2009. All Rights Reserved.
-%% 
+%%
+%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
 %% compliance with the License. You should have received a copy of the
 %% Erlang Public License along with this software. If not, it can be
 %% retrieved online at http://www.erlang.org/.
-%% 
+%%
 %% Software distributed under the License is distributed on an "AS IS"
 %% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
 %% the License for the specific language governing rights and limitations
 %% under the License.
-%% 
+%%
 %% %CopyrightEnd%
 %%
 
@@ -30,7 +30,7 @@
 	 sign/2, sign/3,
 	 verify_signature/3, verify_signature/4, verify_signature/5,
 	 pem_to_der/1, pem_to_der/2,
-	 pkix_decode_cert/2, pkix_encode_cert/1,
+	 pkix_decode_cert/2, pkix_encode_cert/1, pkix_transform/2,
 	 pkix_is_self_signed/1, pkix_is_fixed_dh_cert/1,
 	 pkix_issuer_id/2,
 	 pkix_is_issuer/2, pkix_normalize_general_name/1,
@@ -162,6 +162,20 @@ pkix_encode_cert(Cert) ->
     pubkey_cert_records:encode_cert(Cert).
     
 %%--------------------------------------------------------------------
+%% Function: pkix_transform(CertPart, Op) -> TransformedCertPart
+%%
+%%	CertPart = pkix part data
+%%      Op = encode | decode
+%%
+%% Description: Transform parts of a pkix certificate between 'plain' format
+%% and the internal 'otp' format, see pkix_decode_cert/2.
+%% Decode transforms from 'plain' to 'otp' and encode from 'otp' to 'plain'
+%% format.
+%%--------------------------------------------------------------------
+pkix_transform(CertPart, Op) ->
+    pubkey_cert_records:transform(CertPart, Op).
+
+%%--------------------------------------------------------------------
 %% Function: pkix_path_validation(TrustedCert, CertChain, Options) -> 
 %%   {ok, {{algorithm(), public_key(), public_key_params()} policy_tree()}} |
 %%   {error, Reason}
diff --git a/lib/ssl/src/ssl_connection.erl b/lib/ssl/src/ssl_connection.erl
index 178c055cdf..d9377fe3d6 100644
--- a/lib/ssl/src/ssl_connection.erl
+++ b/lib/ssl/src/ssl_connection.erl
@@ -1,19 +1,19 @@
 %%
 %% %CopyrightBegin%
-%% 
-%% Copyright Ericsson AB 2007-2009. All Rights Reserved.
-%% 
+%%
+%% Copyright Ericsson AB 2007-2010. All Rights Reserved.
+%%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
 %% compliance with the License. You should have received a copy of the
 %% Erlang Public License along with this software. If not, it can be
 %% retrieved online at http://www.erlang.org/.
-%% 
+%%
 %% Software distributed under the License is distributed on an "AS IS"
 %% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
 %% the License for the specific language governing rights and limitations
 %% under the License.
-%% 
+%%
 %% %CopyrightEnd%
 %%
 
@@ -1115,13 +1115,12 @@ do_server_hello(Type, #state{negotiated_version = Version,
 	    case ssl_handshake:master_secret(Version, Session,
 					     ConnectionStates0, server) of
 		{_, ConnectionStates1} ->
-		    {ConnectionStates, Hashes} =
-			finished(State#state{connection_states =
-					     ConnectionStates1}),
-		    {next_state, abbreviated,
-		     next_record(State#state{connection_states = 
-					     ConnectionStates,
-					     tls_handshake_hashes = Hashes})};
+		    State1 = State#state{connection_states=ConnectionStates1, 
+					 session = Session},
+		    {ConnectionStates, Hashes} = finalize_server_handshake(State1),
+		    Resumed = State1#state{connection_states = ConnectionStates,
+					   tls_handshake_hashes = Hashes},
+		    {next_state, abbreviated, next_record(Resumed)};
 		#alert{} = Alert ->
 		    handle_own_alert(Alert, Version, hello, State), 
 		    {stop, normal, State}
diff --git a/lib/ssl/src/ssl_handshake.erl b/lib/ssl/src/ssl_handshake.erl
index 829e0c2ba6..8c598135ca 100644
--- a/lib/ssl/src/ssl_handshake.erl
+++ b/lib/ssl/src/ssl_handshake.erl
@@ -1,19 +1,19 @@
 %%
 %% %CopyrightBegin%
-%% 
-%% Copyright Ericsson AB 2007-2009. All Rights Reserved.
-%% 
+%%
+%% Copyright Ericsson AB 2007-2010. All Rights Reserved.
+%%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
 %% compliance with the License. You should have received a copy of the
 %% Erlang Public License along with this software. If not, it can be
 %% retrieved online at http://www.erlang.org/.
-%% 
+%%
 %% Software distributed under the License is distributed on an "AS IS"
 %% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
 %% the License for the specific language governing rights and limitations
 %% under the License.
-%% 
+%%
 %% %CopyrightEnd%
 %%
 
@@ -860,9 +860,31 @@ certificate_types(_) ->
     %% a RSA_FIXED_DH or DSS_FIXED_DH
     <<?BYTE(?RSA_SIGN)>>.
 
-certificate_authorities(_) ->
-    %%TODO Make list of know CA:s
-    <<>>.
+certificate_authorities(CertDbRef) ->
+    Authorities = certificate_authorities_from_db(CertDbRef),
+    Enc = fun(#'OTPCertificate'{tbsCertificate=TBSCert}) ->
+		  OTPSubj = TBSCert#'OTPTBSCertificate'.subject,
+		  Subj = public_key:pkix_transform(OTPSubj, encode),
+		  {ok, DNEncoded} = 'OTP-PUB-KEY':encode('Name', Subj),
+		  DNEncodedBin = iolist_to_binary(DNEncoded),
+		  DNEncodedLen = byte_size(DNEncodedBin),
+		  <<?UINT16(DNEncodedLen), DNEncodedBin/binary>>
+	  end,
+    list_to_binary([Enc(Cert) || {_, Cert} <- Authorities]).
+
+certificate_authorities_from_db(CertDbRef) ->
+    certificate_authorities_from_db(CertDbRef, no_candidate, []).
+
+certificate_authorities_from_db(CertDbRef, PrevKey, Acc) ->
+    case ssl_certificate_db:issuer_candidate(PrevKey) of
+	no_more_candidates ->
+	    lists:reverse(Acc);
+	{{CertDbRef, _, _} = Key, Cert} ->
+	    certificate_authorities_from_db(CertDbRef, Key, [Cert|Acc]);
+	{Key, _Cert} ->
+	    %% skip certs not from this ssl connection
+	    certificate_authorities_from_db(CertDbRef, Key, Acc)
+    end.
 
 digitally_signed(Hashes, #'RSAPrivateKey'{} = Key) ->
     public_key:encrypt_private(Hashes, Key,