1 files changed, 34 insertions, 14 deletions

diff --git a/lib/ssl/src/ssl_connection.erl b/lib/ssl/src/ssl_connection.erl
index c772697f1d..0c44d3ae90 100644
--- a/lib/ssl/src/ssl_connection.erl
+++ b/lib/ssl/src/ssl_connection.erl
@@ -303,12 +303,13 @@ init([Role, Host, Port, Socket, {SSLOpts0, _} = Options,
       User, CbInfo]) ->
     State0 = initial_state(Role, Host, Port, Socket, Options, User, CbInfo),
     Hashes0 = ssl_handshake:init_hashes(),    
-
+    TimeStamp = calendar:datetime_to_gregorian_seconds({date(), time()}),
     try ssl_init(SSLOpts0, Role) of
 	{ok, Ref, CertDbHandle, CacheHandle, OwnCert, Key, DHParams} ->
 	    Session = State0#state.session,
 	    State = State0#state{tls_handshake_hashes = Hashes0,
-				 session = Session#session{own_certificate = OwnCert},
+				 session = Session#session{own_certificate = OwnCert,
+							   time_stamp = TimeStamp},
 				 cert_db_ref = Ref,
 				 cert_db = CertDbHandle,
 				 session_cache = CacheHandle,
@@ -351,8 +352,7 @@ hello(start, #state{host = Host, port = Port, role = client,
     State1 = State0#state{connection_states = CS2,
 			 negotiated_version = Version, %% Requested version
 			  session =
-			      Session0#session{session_id = Hello#client_hello.session_id,
-					       is_resumable = false},
+			      Session0#session{session_id = Hello#client_hello.session_id},
 			  tls_handshake_hashes = Hashes1},
     {Record, State} = next_record(State1),
     next_state(hello, Record, State);
@@ -1126,18 +1126,38 @@ init_private_key(DbHandle, undefined, KeyFile, Password, _) ->
 	{ok, List} = ssl_manager:cache_pem_file(KeyFile, DbHandle),
 	[PemEntry] = [PemEntry || PemEntry = {PKey, _ , _} <- List,
 				  PKey =:= 'RSAPrivateKey' orelse
-				      PKey =:= 'DSAPrivateKey'],
-	public_key:pem_entry_decode(PemEntry, Password)
+				      PKey =:= 'DSAPrivateKey' orelse
+				      PKey =:= 'PrivateKeyInfo'
+		     ],
+	private_key(public_key:pem_entry_decode(PemEntry, Password))
     catch 
 	Error:Reason ->
 	    handle_file_error(?LINE, Error, Reason, KeyFile, ekeyfile,
 			      erlang:get_stacktrace()) 
     end;
 
+%% First two clauses are for backwards compatibility
 init_private_key(_,{rsa, PrivateKey}, _, _,_) ->
-    public_key:der_decode('RSAPrivateKey', PrivateKey);
+    init_private_key('RSAPrivateKey', PrivateKey);
 init_private_key(_,{dsa, PrivateKey},_,_,_) ->
-    public_key:der_decode('DSAPrivateKey', PrivateKey).
+    init_private_key('DSAPrivateKey', PrivateKey);
+init_private_key(_,{Asn1Type, PrivateKey},_,_,_) ->
+    private_key(init_private_key(Asn1Type, PrivateKey)).
+
+init_private_key(Asn1Type, PrivateKey) ->
+    public_key:der_decode(Asn1Type, PrivateKey).
+
+private_key(#'PrivateKeyInfo'{privateKeyAlgorithm =
+				 #'PrivateKeyInfo_privateKeyAlgorithm'{algorithm = ?'rsaEncryption'},
+			     privateKey = Key}) ->
+    public_key:der_decode('RSAPrivateKey', iolist_to_binary(Key));
+
+private_key(#'PrivateKeyInfo'{privateKeyAlgorithm =
+				 #'PrivateKeyInfo_privateKeyAlgorithm'{algorithm = ?'id-dsa'},
+			     privateKey = Key}) ->
+    public_key:der_decode('DSAPrivateKey', iolist_to_binary(Key));
+private_key(Key) ->
+    Key.
 
 -spec(handle_file_error(_,_,_,_,_,_) -> no_return()).
 handle_file_error(Line, Error, {badmatch, Reason}, File, Throw, Stack) ->
@@ -1987,16 +2007,16 @@ next_state_is_connection(State0) ->
 					       public_key_info = undefined,
 					       tls_handshake_hashes = {<<>>, <<>>}}).
 
-register_session(_, _, _, #session{is_resumable = true} = Session) ->
-    Session; %% Already registered
-register_session(client, Host, Port, Session0) ->
+register_session(client, Host, Port, #session{is_resumable = new} = Session0) ->
     Session = Session0#session{is_resumable = true},
     ssl_manager:register_session(Host, Port, Session),
     Session;
-register_session(server, _, Port, Session0) ->
+register_session(server, _, Port, #session{is_resumable = new} = Session0) ->
     Session = Session0#session{is_resumable = true},
     ssl_manager:register_session(Port, Session),
-    Session.
+    Session;
+register_session(_, _, _, Session) ->
+    Session. %% Already registered
 
 invalidate_session(client, Host, Port, Session) ->
     ssl_manager:invalidate_session(Host, Port, Session);
@@ -2020,7 +2040,7 @@ initial_state(Role, Host, Port, Socket, {SSLOptions, SocketOptions}, User,
 	   %% We do not want to save the password in the state so that
 	   %% could be written in the clear into error logs.
 	   ssl_options = SSLOptions#ssl_options{password = undefined},	   
-	   session = #session{is_resumable = false},
+	   session = #session{is_resumable = new},
 	   transport_cb = CbModule,
 	   data_tag = DataTag,
 	   close_tag = CloseTag,