diff options
Diffstat (limited to 'lib/ssl/src/ssl.erl')
-rw-r--r-- | lib/ssl/src/ssl.erl | 40 |
1 files changed, 33 insertions, 7 deletions
diff --git a/lib/ssl/src/ssl.erl b/lib/ssl/src/ssl.erl index c176801810..28b0564cac 100644 --- a/lib/ssl/src/ssl.erl +++ b/lib/ssl/src/ssl.erl @@ -919,13 +919,14 @@ handle_options(Opts0, Role, Host) -> CertFile = handle_option(certfile, Opts, <<>>), RecordCb = record_cb(Opts), - Versions = case handle_option(versions, Opts, []) of - [] -> - RecordCb:supported_protocol_versions(); - Vsns -> - Versions0 = [RecordCb:protocol_version(Vsn) || Vsn <- Vsns], - lists:sort(fun RecordCb:is_higher/2, Versions0) - end, + [HighestVersion|_] = Versions = + case handle_option(versions, Opts, []) of + [] -> + RecordCb:supported_protocol_versions(); + Vsns -> + Versions0 = [RecordCb:protocol_version(Vsn) || Vsn <- Vsns], + lists:sort(fun RecordCb:is_higher/2, Versions0) + end, Protocol = handle_option(protocol, Opts, tls), @@ -968,6 +969,16 @@ handle_options(Opts0, Role, Host) -> tls_v1:default_signature_algs(Versions), Role)), tls_version(RecordCb:highest_protocol_version(Versions))), + signature_algs_cert = + handle_signature_algorithms_option( + proplists:get_value( + signature_algs_cert, + Opts, + default_option_role(server, + tls_v1:default_signature_schemes(HighestVersion), + Role + )), + tls_version(HighestVersion)), %% Server side option reuse_session = handle_option(reuse_session, Opts, ReuseSessionFun), reuse_sessions = handle_option(reuse_sessions, Opts, true), @@ -1304,6 +1315,21 @@ handle_hashsigns_option(_, Version) when Version >= {3, 3} -> handle_hashsigns_option(_, _Version) -> undefined. +handle_signature_algorithms_option(Value, Version) when is_list(Value) + andalso Version >= {3, 4} -> + case tls_v1:signature_schemes(Version, Value) of + [] -> + throw({error, {options, + no_supported_signature_schemes, + {signature_algs_cert, Value}}}); + _ -> + Value + end; +handle_signature_algorithms_option(_, Version) when Version >= {3, 4} -> + handle_signature_algorithms_option(tls_v1:default_signature_schemes(Version), Version); +handle_signature_algorithms_option(_, _Version) -> + undefined. + validate_options([]) -> []; validate_options([{Opt, Value} | Tail]) -> |