From d9fd104e64eccbdca2a9d7d3efb801c8d85ecb18 Mon Sep 17 00:00:00 2001
From: Ingela Anderton Andin <ingela@erlang.org>
Date: Mon, 8 Jun 2015 12:15:23 +0200
Subject: ssl: Do not crash on proprietary hash_sign algorithms

TLS hash_sign algorithms may have proprietary values see
http://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml

We should add callbacks to let applications handle them.
But for now we do not want to crash if they are present and
let other algorithms be negotiated.
---
 lib/ssl/src/ssl_cipher.erl | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/lib/ssl/src/ssl_cipher.erl b/lib/ssl/src/ssl_cipher.erl
index bec0055353..c2af0f946a 100644
--- a/lib/ssl/src/ssl_cipher.erl
+++ b/lib/ssl/src/ssl_cipher.erl
@@ -1209,7 +1209,8 @@ hash_algorithm(?SHA) -> sha;
 hash_algorithm(?SHA224) -> sha224;
 hash_algorithm(?SHA256) -> sha256;
 hash_algorithm(?SHA384) -> sha384;
-hash_algorithm(?SHA512) -> sha512.
+hash_algorithm(?SHA512) -> sha512;
+hash_algorithm(Other)  when is_integer(Other) andalso ((Other >= 224) and (Other =< 255)) -> Other.
 
 sign_algorithm(anon)  -> ?ANON;
 sign_algorithm(rsa)   -> ?RSA;
@@ -1218,7 +1219,8 @@ sign_algorithm(ecdsa) -> ?ECDSA;
 sign_algorithm(?ANON) -> anon;
 sign_algorithm(?RSA) -> rsa;
 sign_algorithm(?DSA) -> dsa;
-sign_algorithm(?ECDSA) -> ecdsa.
+sign_algorithm(?ECDSA) -> ecdsa;
+sign_algorithm(Other) when is_integer(Other) andalso ((Other >= 224) and (Other =< 255)) -> Other.
 
 hash_size(null) ->
     0;
-- 
cgit v1.2.3


From 97531f2f4dbd4bf7426434792e7e6af6aa8e12ef Mon Sep 17 00:00:00 2001
From: Ingela Anderton Andin <ingela@erlang.org>
Date: Thu, 3 Dec 2015 10:55:37 +0100
Subject: ssl: Prepare for release

---
 lib/ssl/src/ssl.appup.src | 8 ++++++--
 lib/ssl/vsn.mk            | 2 +-
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/lib/ssl/src/ssl.appup.src b/lib/ssl/src/ssl.appup.src
index d100e41930..4c4163d7fd 100644
--- a/lib/ssl/src/ssl.appup.src
+++ b/lib/ssl/src/ssl.appup.src
@@ -1,14 +1,18 @@
 %% -*- erlang -*-
 {"%VSN%",
  [
-  {<<"6.0">>, [{load_module, ssl_handshake, soft_purge, soft_purge, []}]},
+  {<<"6.0.1">>, [{load_module, ssl_cipher, soft_purge, soft_purge, []}]},
+  {<<"6.0">>, [{load_module, ssl_cipher, soft_purge, soft_purge, []},
+               {load_module, ssl_handshake, soft_purge, soft_purge, []}]},
   {<<"5\\.3\\.[1-7]($|\\..*)">>, [{restart_application, ssl}]},
   {<<"5\\.[0-2]($|\\..*)">>, [{restart_application, ssl}]},
   {<<"4\\..*">>, [{restart_application, ssl}]},
   {<<"3\\..*">>, [{restart_application, ssl}]}
  ], 
  [
-  {<<"6.0">>, [{load_module, ssl_handshake, soft_purge, soft_purge, []}]},
+  {<<"6.0.1">>, [{load_module, ssl_cipher, soft_purge, soft_purge, []}]},
+  {<<"6.0">>, [{load_module, ssl_cipher, soft_purge, soft_purge, []},
+	       {load_module, ssl_handshake, soft_purge, soft_purge, []}]},
   {<<"5\\.3\\.[1-7]($|\\..*)">>, [{restart_application, ssl}]},
   {<<"5\\.[0-2]($|\\..*)">>, [{restart_application, ssl}]},
   {<<"4\\..*">>, [{restart_application, ssl}]},
diff --git a/lib/ssl/vsn.mk b/lib/ssl/vsn.mk
index d5a9a71736..eedf8cf705 100644
--- a/lib/ssl/vsn.mk
+++ b/lib/ssl/vsn.mk
@@ -1 +1 @@
-SSL_VSN = 6.0.1
+SSL_VSN = 6.0.1.1
-- 
cgit v1.2.3