Diffstat (limited to 'lib/ssl/src/dtls_handshake.erl')
| -rw-r--r-- | lib/ssl/src/dtls_handshake.erl | 19 | 
1 files changed, 10 insertions, 9 deletions
| diff --git a/lib/ssl/src/dtls_handshake.erl b/lib/ssl/src/dtls_handshake.erl
index 6e9bf99e52..8e749e65b8 100644
--- a/lib/ssl/src/dtls_handshake.erl
+++ b/lib/ssl/src/dtls_handshake.erl
@@ -79,7 +79,7 @@ client_hello(Host, Port, Cookie, ConnectionStates,
     Extensions = ssl_handshake:client_hello_extensions(TLSVersion, CipherSuites,
                                                        SslOpts, ConnectionStates, 
-                                                       Renegotiation),
+                                                       Renegotiation, undefined),
     Id = ssl_session:client_id({Host, Port, SslOpts}, Cache, CacheCb, OwnCert),
     #client_hello{session_id = Id,
@@ -169,10 +169,7 @@ handle_client_hello(Version,
                                   cipher_suites = CipherSuites,
                                   compression_methods = Compressions,
                                   random = Random,
-                                  extensions =
-                                      #hello_extensions{elliptic_curves = Curves,
-                                                        signature_algs = ClientHashSigns} 
-                                  = HelloExt},
+                                  extensions = HelloExt},
 		    #ssl_options{versions = Versions,
 				 signature_algs = SupportedHashSigns,
                                  eccs = SupportedECCs,
@@ -181,6 +178,8 @@ handle_client_hello(Version,
                     Renegotiation) ->
     case dtls_record:is_acceptable_version(Version, Versions) of
 	true ->
+            Curves = maps:get(elliptic_curves, HelloExt, undefined),
+            ClientHashSigns = maps:get(signature_algs, HelloExt, undefined),
 	    TLSVersion = dtls_v1:corresponding_tls_version(Version),
 	    AvailableHashSigns = ssl_handshake:available_signature_algs(
 				   ClientHashSigns, SupportedHashSigns, Cert,TLSVersion), 
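Review bot: The trailing `undefined` added to the `ssl_handshake:client_hello_extensions(...)` call in client_hello is a bare positional placeholder, and nothing at the call site says which parameter it fills or why the DTLS path supplies no value. A one-line comment above the call that names the parameter, for example `%% last argument (<parameter name>) is not used for DTLS`, would save the next reader a trip to ssl_handshake. The same applies to the second element of `{ClientHashSigns, undefined}` passed to `ssl_handshake:select_hashsign` in the @@ -195 hunk. Both callees are defined outside this diff, so the meaning of each slot needs to be confirmed there before the comments are written.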
@@ -195,7 +194,7 @@ handle_client_hello(Version,
 		    ?ALERT_REC(?FATAL, ?INSUFFICIENT_SECURITY);
 		_ ->
 		    #{key_exchange := KeyExAlg} = ssl_cipher_format:suite_definition(CipherSuite),
-		    case ssl_handshake:select_hashsign(ClientHashSigns, Cert, KeyExAlg, 
+		    case ssl_handshake:select_hashsign({ClientHashSigns, undefined}, Cert, KeyExAlg,
 						       SupportedHashSigns, TLSVersion) of
 			#alert{} = Alert ->
 			    Alert;
@@ -332,7 +331,7 @@ decode_handshake(Version, <<?BYTE(Type), Bin/binary>>) ->
 decode_handshake(_, ?HELLO_REQUEST, <<>>) ->
     #hello_request{};
-decode_handshake(_Version, ?CLIENT_HELLO, <<?UINT24(_), ?UINT16(_),
+decode_handshake(Version, ?CLIENT_HELLO, <<?UINT24(_), ?UINT16(_),
 					    ?UINT24(_),  ?UINT24(_), 
 					    ?BYTE(Major), ?BYTE(Minor), Random:32/binary,
 					    ?BYTE(SID_length), Session_ID:SID_length/binary,
@@ -340,8 +339,10 @@ decode_handshake(_Version, ?CLIENT_HELLO, <<?UINT24(_), ?UINT16(_),
 					    ?UINT16(Cs_length), CipherSuites:Cs_length/binary,
 					    ?BYTE(Cm_length), Comp_methods:Cm_length/binary,
 					    Extensions/binary>>) ->
-    
-    DecodedExtensions = ssl_handshake:decode_hello_extensions({client, Extensions}),
+    TLSVersion = dtls_v1:corresponding_tls_version(Version),
+    LegacyVersion = dtls_v1:corresponding_tls_version({Major, Minor}),
+    Exts = ssl_handshake:decode_vector(Extensions),
+    DecodedExtensions = ssl_handshake:decode_hello_extensions(Exts, TLSVersion, LegacyVersion, client),
     #client_hello{
        client_version = {Major,Minor}, |
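Review bot: In the ?CLIENT_HELLO clause of decode_handshake, `dtls_v1:corresponding_tls_version({Major, Minor})` now runs on the client_version bytes taken straight from the peer's message, before handle_client_hello reaches `dtls_record:is_acceptable_version(Version, Versions)`. The definition of corresponding_tls_version is not in this diff; if it only has clauses for the DTLS versions the stack knows, a ClientHello carrying any other version pair would fail with function_clause during decoding rather than yield a protocol alert, unless the caller converts decode crashes into one. The `Version` argument passed through the same function deserves the same check. Please confirm the caller's handling and record it at the conversion, e.g. `%% {Major, Minor} is unvalidated wire data; a crash here must surface as a decode alert`. The clause body continues past the end of the hunk.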
