From d9fd104e64eccbdca2a9d7d3efb801c8d85ecb18 Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Mon, 8 Jun 2015 12:15:23 +0200 Subject: ssl: Do not crash on proprietary hash_sign algorithms TLS hash_sign algorithms may have proprietary values see http://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml We should add callbacks to let applications handle them. But for now we do not want to crash if they are present and let other algorithms be negotiated. --- lib/ssl/src/ssl_cipher.erl | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/lib/ssl/src/ssl_cipher.erl b/lib/ssl/src/ssl_cipher.erl index bec0055353..c2af0f946a 100644 --- a/lib/ssl/src/ssl_cipher.erl +++ b/lib/ssl/src/ssl_cipher.erl @@ -1209,7 +1209,8 @@ hash_algorithm(?SHA) -> sha; hash_algorithm(?SHA224) -> sha224; hash_algorithm(?SHA256) -> sha256; hash_algorithm(?SHA384) -> sha384; -hash_algorithm(?SHA512) -> sha512. +hash_algorithm(?SHA512) -> sha512; +hash_algorithm(Other) when is_integer(Other) andalso ((Other >= 224) and (Other =< 255)) -> Other. sign_algorithm(anon) -> ?ANON; sign_algorithm(rsa) -> ?RSA; @@ -1218,7 +1219,8 @@ sign_algorithm(ecdsa) -> ?ECDSA; sign_algorithm(?ANON) -> anon; sign_algorithm(?RSA) -> rsa; sign_algorithm(?DSA) -> dsa; -sign_algorithm(?ECDSA) -> ecdsa. +sign_algorithm(?ECDSA) -> ecdsa; +sign_algorithm(Other) when is_integer(Other) andalso ((Other >= 224) and (Other =< 255)) -> Other. hash_size(null) -> 0; -- cgit v1.2.3 From 97531f2f4dbd4bf7426434792e7e6af6aa8e12ef Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Thu, 3 Dec 2015 10:55:37 +0100 Subject: ssl: Prepare for release --- lib/ssl/src/ssl.appup.src | 8 ++++++-- lib/ssl/vsn.mk | 2 +- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/lib/ssl/src/ssl.appup.src b/lib/ssl/src/ssl.appup.src index d100e41930..4c4163d7fd 100644 --- a/lib/ssl/src/ssl.appup.src +++ b/lib/ssl/src/ssl.appup.src @@ -1,14 +1,18 @@ %% -*- erlang -*- {"%VSN%", [ - {<<"6.0">>, [{load_module, ssl_handshake, soft_purge, soft_purge, []}]}, + {<<"6.0.1">>, [{load_module, ssl_cipher, soft_purge, soft_purge, []}]}, + {<<"6.0">>, [{load_module, ssl_cipher, soft_purge, soft_purge, []}, + {load_module, ssl_handshake, soft_purge, soft_purge, []}]}, {<<"5\\.3\\.[1-7]($|\\..*)">>, [{restart_application, ssl}]}, {<<"5\\.[0-2]($|\\..*)">>, [{restart_application, ssl}]}, {<<"4\\..*">>, [{restart_application, ssl}]}, {<<"3\\..*">>, [{restart_application, ssl}]} ], [ - {<<"6.0">>, [{load_module, ssl_handshake, soft_purge, soft_purge, []}]}, + {<<"6.0.1">>, [{load_module, ssl_cipher, soft_purge, soft_purge, []}]}, + {<<"6.0">>, [{load_module, ssl_cipher, soft_purge, soft_purge, []}, + {load_module, ssl_handshake, soft_purge, soft_purge, []}]}, {<<"5\\.3\\.[1-7]($|\\..*)">>, [{restart_application, ssl}]}, {<<"5\\.[0-2]($|\\..*)">>, [{restart_application, ssl}]}, {<<"4\\..*">>, [{restart_application, ssl}]}, diff --git a/lib/ssl/vsn.mk b/lib/ssl/vsn.mk index d5a9a71736..eedf8cf705 100644 --- a/lib/ssl/vsn.mk +++ b/lib/ssl/vsn.mk @@ -1 +1 @@ -SSL_VSN = 6.0.1 +SSL_VSN = 6.0.1.1 -- cgit v1.2.3