Diffstat (limited to 'lib/ssl/src')
-rw-r--r--lib/ssl/src/ssl_cipher.erl2
-rw-r--r--lib/ssl/src/ssl_connection.erl2
-rw-r--r--lib/ssl/src/tls_connection.erl9
-rw-r--r--lib/ssl/src/tls_sender.erl34
4 files changed, 32 insertions, 15 deletions
diff --git a/lib/ssl/src/ssl_cipher.erl b/lib/ssl/src/ssl_cipher.erl
index cfcdcb8ac5..e12faba824 100644
--- a/lib/ssl/src/ssl_cipher.erl
+++ b/lib/ssl/src/ssl_cipher.erl
@@ -994,7 +994,7 @@ filter_suites_pubkey(ec, Ciphers, _, OtpCert) ->
ec_ecdhe_suites(Ciphers)),
filter_keyuse_suites(keyAgreement, Uses, CiphersSuites, ec_ecdh_suites(Ciphers)).
-filter_suites_signature(rsa, Ciphers, {3, N}) when N >= 3 ->
+filter_suites_signature(_, Ciphers, {3, N}) when N >= 3 ->
Ciphers;
filter_suites_signature(rsa, Ciphers, Version) ->
(Ciphers -- ecdsa_signed_suites(Ciphers, Version)) -- dsa_signed_suites(Ciphers, Version);
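Review bot: The widened first clause of `filter_suites_signature/3` returns every suite unfiltered for any value of the first argument (apparently the certificate's signature algorithm) once the version is `{3, N}` with `N >= 3`, and nothing next to it says why skipping the filter is safe. Presumably the signature is constrained by the TLS 1.2 signature-algorithm negotiation instead, so a comment above the clause would stop a later reader from re-narrowing it: `%% TLS 1.2 and later: the signature is negotiated separately, so the certificate's signature algorithm does not restrict the suites here`. The remaining clauses of the function lie outside the hunk, so it cannot be checked from here whether any of them carries a version guard that this clause now shadows.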
diff --git a/lib/ssl/src/ssl_connection.erl b/lib/ssl/src/ssl_connection.erl
index 1a848df2a3..2abc678ed9 100644
--- a/lib/ssl/src/ssl_connection.erl
+++ b/lib/ssl/src/ssl_connection.erl
@@ -627,6 +627,8 @@ init({call, From}, {start, {Opts, EmOpts}, Timeout},
catch throw:Error ->
stop_and_reply(normal, {reply, From, {error, Error}}, State0)
end;
+init({call, From}, {new_user, _} = Msg, State, Connection) ->
+ handle_call(Msg, From, ?FUNCTION_NAME, State, Connection);
init({call, From}, _Msg, _State, _Connection) ->
{keep_state_and_data, [{reply, From, {error, notsup_on_transport_accept_socket}}]};
init(_Type, _Event, _State, _Connection) ->
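Review bot: The new `{new_user, _}` clause of `init/4` only takes effect because it sits above the catch-all `{call, From}` clause that replies `notsup_on_transport_accept_socket`, and that ordering dependency is not documented. A comment above the clause would record the intent, for example `%% The controlling process may be changed before the handshake starts, so forward new_user instead of rejecting it`. `handle_call/5` is not visible in this hunk, so it is worth confirming that its `new_user` handling does not rely on state that is only populated after `start`.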
diff --git a/lib/ssl/src/tls_connection.erl b/lib/ssl/src/tls_connection.erl
index 298758ea38..29988edf76 100644
--- a/lib/ssl/src/tls_connection.erl
+++ b/lib/ssl/src/tls_connection.erl
@@ -900,7 +900,8 @@ initialize_tls_sender(#state{role = Role,
protocol_cb = Connection,
transport_cb = Transport,
negotiated_version = Version,
- ssl_options = #ssl_options{renegotiate_at = RenegotiateAt},
+ ssl_options = #ssl_options{renegotiate_at = RenegotiateAt,
+ log_level = LogLevel},
connection_states = #{current_write := ConnectionWriteState},
protocol_specific = #{sender := Sender}}) ->
Init = #{current_write => ConnectionWriteState,
@@ -911,7 +912,8 @@ initialize_tls_sender(#state{role = Role,
protocol_cb => Connection,
transport_cb => Transport,
negotiated_version => Version,
- renegotiate_at => RenegotiateAt},
+ renegotiate_at => RenegotiateAt,
+ log_level => LogLevel},
tls_sender:initialize(Sender, Init).
next_tls_record(Data, StateName, #state{protocol_buffers =
@@ -965,6 +967,7 @@ handle_info({CloseTag, Socket}, StateName,
#state{socket = Socket, close_tag = CloseTag,
socket_options = #socket_options{active = Active},
protocol_buffers = #protocol_buffers{tls_cipher_texts = CTs},
+ user_data_buffer = Buffer,
negotiated_version = Version} = State) ->
%% Note that as of TLS 1.1,
@@ -972,7 +975,7 @@ handle_info({CloseTag, Socket}, StateName,
%% session not be resumed. This is a change from TLS 1.0 to conform
%% with widespread implementation practice.
- case (Active == false) andalso (CTs =/= []) of
+ case (Active == false) andalso ((CTs =/= []) or (Buffer =/= <<>>)) of
false ->
case Version of
{1, N} when N >= 1 ->
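Review bot: On the changed `case` line the added test is joined with the strict `or`, which always evaluates both operands, right next to a short-circuit `andalso`; `((CTs =/= []) orelse (Buffer =/= <<>>))` is the consistent form and behaves the same here. The comparison `Buffer =/= <<>>` also assumes that `user_data_buffer` (bound in the previous hunk of this function head) is always a plain binary; if the field can ever hold another representation, every close in passive mode would take the deferred branch, so a one-line comment stating that invariant would help. The body of this `handle_info` clause continues outside the hunk.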
diff --git a/lib/ssl/src/tls_sender.erl b/lib/ssl/src/tls_sender.erl
index 1c3c44cfe5..75409143a8 100644
--- a/lib/ssl/src/tls_sender.erl
+++ b/lib/ssl/src/tls_sender.erl
@@ -49,7 +49,8 @@
negotiated_version,
renegotiate_at,
connection_monitor,
- dist_handle
+ dist_handle,
+ log_level
}).
%%%===================================================================
@@ -171,7 +172,8 @@ init({call, From}, {Pid, #{current_write := WriteState,
protocol_cb := Connection,
transport_cb := Transport,
negotiated_version := Version,
- renegotiate_at := RenegotiateAt}},
+ renegotiate_at := RenegotiateAt,
+ log_level := LogLevel}},
#data{connection_states = ConnectionStates} = StateData0) ->
Monitor = erlang:monitor(process, Pid),
StateData =
@@ -186,7 +188,8 @@ init({call, From}, {Pid, #{current_write := WriteState,
protocol_cb = Connection,
transport_cb = Transport,
negotiated_version = Version,
- renegotiate_at = RenegotiateAt},
+ renegotiate_at = RenegotiateAt,
+ log_level = LogLevel},
{next_state, handshake, StateData, [{reply, From, ok}]};
init(info, Msg, StateData) ->
handle_info(Msg, ?FUNCTION_NAME, StateData).
@@ -319,21 +322,21 @@ handle_info({'DOWN', Monitor, _, _, _}, _,
#data{connection_monitor = Monitor} = StateData) ->
{stop, normal, StateData};
handle_info(_,_,_) ->
- {keep_state_and_data}.
+ keep_state_and_data.
send_tls_alert(Alert, #data{negotiated_version = Version,
socket = Socket,
protocol_cb = Connection,
transport_cb = Transport,
- connection_states = ConnectionStates0} = StateData0) ->
+ connection_states = ConnectionStates0,
+ log_level = LogLevel} = StateData0) ->
{BinMsg, ConnectionStates} =
Connection:encode_alert(Alert, Version, ConnectionStates0),
Connection:send(Transport, Socket, BinMsg),
- %% TODO: fix ssl_options for this process
- %% Report = #{direction => outbound,
- %% protocol => 'tls_record',
- %% message => BinMsg},
- %% ssl_logger:debug(SslOpts#ssl_options.log_level, Report, #{domain => [otp,ssl,tls_record]}),
+ Report = #{direction => outbound,
+ protocol => 'tls_record',
+ message => BinMsg},
+ ssl_logger:debug(LogLevel, Report, #{domain => [otp,ssl,tls_record]}),
StateData0#data{connection_states = ConnectionStates}.
send_application_data(Data, From, StateName,
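Review bot: In `send_tls_alert/2` the result of `Connection:send(Transport, Socket, BinMsg)` is discarded, so the newly enabled report records an outbound alert even when the write failed, whereas `send_application_data` in this commit logs only in its `ok` branches. A debug trace used to reconstruct a failed connection is more trustworthy if the alert is logged only on success, for example `case Connection:send(Transport, Socket, BinMsg) of ok -> ssl_logger:debug(LogLevel, Report, #{domain => [otp,ssl,tls_record]}); _ -> ok end`. If logging the attempt regardless is intended, a comment saying so would make the difference between the two functions deliberate rather than accidental.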
@@ -344,7 +347,8 @@ send_application_data(Data, From, StateName,
protocol_cb = Connection,
transport_cb = Transport,
connection_states = ConnectionStates0,
- renegotiate_at = RenegotiateAt} = StateData0) ->
+ renegotiate_at = RenegotiateAt,
+ log_level = LogLevel} = StateData0) ->
case time_to_renegotiate(Data, ConnectionStates0, RenegotiateAt) of
true ->
ssl_connection:internal_renegotiation(Pid, ConnectionStates0),
@@ -356,10 +360,18 @@ send_application_data(Data, From, StateName,
StateData = StateData0#data{connection_states = ConnectionStates},
case Connection:send(Transport, Socket, Msgs) of
ok when DistHandle =/= undefined ->
+ Report = #{direction => outbound,
+ protocol => 'tls_record',
+ message => Msgs},
+ ssl_logger:debug(LogLevel, Report, #{domain => [otp,ssl,tls_record]}),
{next_state, StateName, StateData, []};
Reason when DistHandle =/= undefined ->
{next_state, death_row, StateData, [{state_timeout, 5000, Reason}]};
ok ->
+ Report = #{direction => outbound,
+ protocol => 'tls_record',
+ message => Msgs},
+ ssl_logger:debug(LogLevel, Report, #{domain => [otp,ssl,tls_record]}),
{next_state, StateName, StateData, [{reply, From, ok}]};
Result ->
{next_state, StateName, StateData, [{reply, From, Result}]}
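Review bot: The same `Report` construction and `ssl_logger:debug` call is pasted into both `ok` branches of the `case Connection:send(...)` here, and a third copy sits in `send_tls_alert/2`; a small private helper removes the duplication and gives one place to document what is logged. `Msgs` is produced on lines outside this hunk, so it should be confirmed there that it holds only encoded records and never the plaintext `Data`, because this report is emitted for every application-data send when debug logging is on. The `case` and the enclosing function end outside the hunk.

```erlang
%% New private helper, placed after send_application_data.
%% Logs an already encoded outbound TLS record at debug level.
log_outbound_record(LogLevel, Message) ->
    Report = #{direction => outbound,
               protocol => 'tls_record',
               message => Message},
    ssl_logger:debug(LogLevel, Report, #{domain => [otp,ssl,tls_record]}).

%% … unchanged: renegotiation check, encoding, StateData update …
        case Connection:send(Transport, Socket, Msgs) of
            ok when DistHandle =/= undefined ->
                log_outbound_record(LogLevel, Msgs),
                {next_state, StateName, StateData, []};
            %% … unchanged: death_row branch …
            ok ->
                log_outbound_record(LogLevel, Msgs),
                {next_state, StateName, StateData, [{reply, From, ok}]};
            %% … unchanged: error reply branch …
```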