diff options
-rw-r--r-- | lib/ssl/src/ssl_handshake.erl | 24 |
1 files changed, 16 insertions, 8 deletions
diff --git a/lib/ssl/src/ssl_handshake.erl b/lib/ssl/src/ssl_handshake.erl index 7dec0a283f..0b2ecfc981 100644 --- a/lib/ssl/src/ssl_handshake.erl +++ b/lib/ssl/src/ssl_handshake.erl @@ -1037,15 +1037,14 @@ client_hello_extensions(Version, CipherSuites, SslOpts, ConnectionStates, Renego maybe_add_tls13_extensions(Version, HelloExtensions1, SslOpts, KeyShare). -add_tls12_extensions(Version, - #ssl_options{signature_algs = SupportedHashSigns} = SslOpts, +add_tls12_extensions(_Version, + SslOpts, ConnectionStates, Renegotiation) -> SRP = srp_user(SslOpts), #{renegotiation_info => renegotiation_info(tls_record, client, ConnectionStates, Renegotiation), srp => SRP, - signature_algs => available_signature_algs(SupportedHashSigns, Version), alpn => encode_alpn(SslOpts#ssl_options.alpn_advertised_protocols, Renegotiation), next_protocol_negotiation => encode_client_protocol_negotiation(SslOpts#ssl_options.next_protocol_selector, @@ -1058,16 +1057,19 @@ add_common_extensions({3,4}, HelloExtensions, _CipherSuites, #ssl_options{eccs = SupportedECCs, - supported_groups = Groups}) -> + supported_groups = Groups, + signature_algs = SignatureSchemes}) -> {EcPointFormats, _} = client_ecc_extensions(SupportedECCs), HelloExtensions#{ec_point_formats => EcPointFormats, - elliptic_curves => Groups}; + elliptic_curves => Groups, + signature_algs => signature_algs_ext(SignatureSchemes)}; -add_common_extensions(_Version, +add_common_extensions(Version, HelloExtensions, CipherSuites, - #ssl_options{eccs = SupportedECCs}) -> + #ssl_options{eccs = SupportedECCs, + signature_algs = SupportedHashSigns}) -> {EcPointFormats, EllipticCurves} = case advertises_ec_ciphers( @@ -1079,7 +1081,8 @@ add_common_extensions(_Version, {undefined, undefined} end, HelloExtensions#{ec_point_formats => EcPointFormats, - elliptic_curves => EllipticCurves}. + elliptic_curves => EllipticCurves, + signature_algs => available_signature_algs(SupportedHashSigns, Version)}. maybe_add_tls13_extensions({3,4}, @@ -1154,6 +1157,11 @@ maybe_add_key_share(HelloExtensions, KeyShare) -> client_shares = ClientShares}}. +signature_algs_ext(undefined) -> + undefined; +signature_algs_ext(SignatureSchemes) -> + #signature_algorithms{signature_scheme_list = SignatureSchemes}. + signature_algs_cert(undefined) -> undefined; signature_algs_cert(SignatureSchemes) -> |