1 files changed, 41 insertions, 33 deletions
diff --git a/lib/ssl/src/ssl_connection.erl b/lib/ssl/src/ssl_connection.erl
index 34006612a2..b6059eac58 100644
--- a/lib/ssl/src/ssl_connection.erl
+++ b/lib/ssl/src/ssl_connection.erl
@@ -58,7 +58,10 @@
 %%====================================================================	     
 %%--------------------------------------------------------------------
 -spec connect(tls_connection | dtls_connection,
-	      host(), inet:port_number(), port(), {#ssl_options{}, #socket_options{}},
+	      host(), inet:port_number(), port(),
+	      {#ssl_options{}, #socket_options{},
+	       %% Tracker only needed on server side
+	       undefined},
 	      pid(), tuple(), timeout()) ->
 		     {ok, #sslsocket{}} | {error, reason()}.
 %%
@@ -73,9 +76,10 @@ connect(Connection, Host, Port, Socket, Options, User, CbInfo, Timeout) ->
     end.
 %%--------------------------------------------------------------------
 -spec ssl_accept(tls_connection | dtls_connection,
-		 inet:port_number(), port(), {#ssl_options{}, #socket_options{}},
-				      pid(), tuple(), timeout()) ->
-    {ok, #sslsocket{}} | {error, reason()}.
+		 inet:port_number(), port(),
+		 {#ssl_options{}, #socket_options{}, undefined | pid()},
+		 pid(), tuple(), timeout()) ->
+			{ok, #sslsocket{}} | {error, reason()}.
 %%
 %% Description: Performs accept on an ssl listen socket. e.i. performs
 %%              ssl handshake. 
@@ -102,7 +106,8 @@ handshake(#sslsocket{pid = Pid}, Timeout) ->
     end.
 
 %%--------------------------------------------------------------------
--spec handshake(#sslsocket{}, #ssl_options{}, timeout()) ->  ok | {error, reason()}.
+-spec handshake(#sslsocket{}, {#ssl_options{},#socket_options{}},
+		timeout()) ->  ok | {error, reason()}.
 %%
 %% Description: Starts ssl handshake with some new options 
 %%--------------------------------------------------------------------
@@ -322,6 +327,7 @@ abbreviated(#hello_request{}, State0, Connection) ->
 abbreviated(#finished{verify_data = Data} = Finished,
 	    #state{role = server,
 		   negotiated_version = Version,
+		   expecting_finished = true,
 		   tls_handshake_history = Handshake,
 		   session = #session{master_secret = MasterSecret},
 		   connection_states = ConnectionStates0} =
@@ -334,7 +340,8 @@ abbreviated(#finished{verify_data = Data} = Finished,
 		ssl_record:set_client_verify_data(current_both, Data, ConnectionStates0),
 	    Connection:next_state_connection(abbreviated,
 					     ack_connection(
-					       State#state{connection_states = ConnectionStates}));
+					       State#state{connection_states = ConnectionStates,
+							   expecting_finished = false}));
 	#alert{} = Alert ->
 	    Connection:handle_own_alert(Alert, Version, abbreviated, State)
     end;
@@ -354,7 +361,7 @@ abbreviated(#finished{verify_data = Data} = Finished,
 		finalize_handshake(State0#state{connection_states = ConnectionStates1},
 				   abbreviated, Connection),
 	    Connection:next_state_connection(abbreviated,
-					     ack_connection(State));
+					     ack_connection(State#state{expecting_finished = false}));
         #alert{} = Alert ->
 	    Connection:handle_own_alert(Alert, Version, abbreviated, State0)
     end;
@@ -365,7 +372,7 @@ abbreviated(#next_protocol{selected_protocol = SelectedProtocol},
 	    #state{role = server, expecting_next_protocol_negotiation = true} = State0,
 	    Connection) ->
     {Record, State} = Connection:next_record(State0#state{next_protocol = SelectedProtocol}),
-    Connection:next_state(abbreviated, abbreviated, Record, State);
+    Connection:next_state(abbreviated, abbreviated, Record, State#state{expecting_next_protocol_negotiation = false});
 
 abbreviated(timeout, State, _) ->
     {next_state, abbreviated, State, hibernate };
@@ -407,7 +414,9 @@ certify(#certificate{} = Cert,
 	       ssl_options = Opts} = State, Connection) ->
     case ssl_handshake:certify(Cert, CertDbHandle, CertDbRef, Opts#ssl_options.depth,
 			       Opts#ssl_options.verify,
-			       Opts#ssl_options.verify_fun, Role) of
+			       Opts#ssl_options.verify_fun,
+			       Opts#ssl_options.partial_chain,
+			       Role) of
         {PeerCert, PublicKeyInfo} ->
 	    handle_peer_cert(Role, PeerCert, PublicKeyInfo,
 			     State#state{client_certificate_requested = false}, Connection);
@@ -589,6 +598,7 @@ cipher(#finished{verify_data = Data} = Finished,
 	      host = Host,
 	      port = Port,
 	      role = Role,
+	      expecting_finished = true,
 	      session = #session{master_secret = MasterSecret}
 	      = Session0,
 	      connection_states = ConnectionStates0,
@@ -599,7 +609,7 @@ cipher(#finished{verify_data = Data} = Finished,
 					 MasterSecret, Handshake0) of
         verified ->
 	    Session = register_session(Role, Host, Port, Session0),
-	    cipher_role(Role, Data, Session, State, Connection);
+	    cipher_role(Role, Data, Session, State#state{expecting_finished = false}, Connection);
         #alert{} = Alert ->
 	    Connection:handle_own_alert(Alert, Version, cipher, State)
     end;
@@ -607,7 +617,8 @@ cipher(#finished{verify_data = Data} = Finished,
 %% only allowed to send next_protocol message after change cipher spec
 %% & before finished message and it is not allowed during renegotiation
 cipher(#next_protocol{selected_protocol = SelectedProtocol},
-       #state{role = server, expecting_next_protocol_negotiation = true} = State0, Connection) ->
+       #state{role = server, expecting_next_protocol_negotiation = true,
+	      expecting_finished = true} = State0, Connection) ->
     {Record, State} = Connection:next_record(State0#state{next_protocol = SelectedProtocol}),
     Connection:next_state(cipher, cipher, Record, State#state{expecting_next_protocol_negotiation = false});
 
@@ -926,27 +937,27 @@ terminate(_Reason, _StateName, #state{transport_cb = Transport,
     Transport:close(Socket).
 
 format_status(normal, [_, State]) ->
-    [{data, [{"StateData", State}]}]; 
+    [{data, [{"StateData", State}]}];  
 format_status(terminate, [_, State]) ->
     SslOptions = (State#state.ssl_options),
-    NewOptions = SslOptions#ssl_options{password = "***",
-					cert = "***",
-					cacerts = "***",
-					key = "***",			      
-					dh = "***",
-					psk_identity = "***",
-					srp_identity = "***"},
-    [{data, [{"StateData", State#state{connection_states = "***",
-				       protocol_buffers =  "***",
-				       user_data_buffer = "***",
-				       tls_handshake_history =  "***",
-				       session =  "***",
-				       private_key =  "***",
-				       diffie_hellman_params = "***",
-				       diffie_hellman_keys =  "***",
-				       srp_params = "***",
-				       srp_keys =  "***",
-				       premaster_secret =  "***",
+    NewOptions = SslOptions#ssl_options{password = ?SECRET_PRINTOUT,
+					cert = ?SECRET_PRINTOUT,
+					cacerts = ?SECRET_PRINTOUT,
+					key = ?SECRET_PRINTOUT,			      
+					dh = ?SECRET_PRINTOUT,
+					psk_identity = ?SECRET_PRINTOUT,
+					srp_identity = ?SECRET_PRINTOUT},
+    [{data, [{"StateData", State#state{connection_states = ?SECRET_PRINTOUT,
+				       protocol_buffers =  ?SECRET_PRINTOUT,
+				       user_data_buffer = ?SECRET_PRINTOUT,
+				       tls_handshake_history =  ?SECRET_PRINTOUT,
+				       session =  ?SECRET_PRINTOUT,
+				       private_key =  ?SECRET_PRINTOUT,
+				       diffie_hellman_params = ?SECRET_PRINTOUT,
+				       diffie_hellman_keys =  ?SECRET_PRINTOUT,
+				       srp_params = ?SECRET_PRINTOUT,
+				       srp_keys =  ?SECRET_PRINTOUT,
+				       premaster_secret =  ?SECRET_PRINTOUT,
 				       ssl_options = NewOptions
 				      }}]}].
 %%--------------------------------------------------------------------
@@ -1034,9 +1045,6 @@ server_hello_done(State, Connection) ->
     HelloDone = ssl_handshake:server_hello_done(),
     Connection:send_handshake(HelloDone, State).
 
-
-
-
 handle_peer_cert(Role, PeerCert, PublicKeyInfo,
 		 #state{session = #session{cipher_suite = CipherSuite} = Session} = State0,
 		 Connection) ->