From 4d0e43b5e252b979d50c17592c08ae68ece5fa07 Mon Sep 17 00:00:00 2001
From: Ingela Anderton Andin <ingela@erlang.org>
Date: Fri, 11 Jun 2010 08:21:23 +0000
Subject: OTP-8695 New ssl default

Ssl has now switched default implementation and removed deprecated
certificate handling. All certificate handling is done by the public_key
application.
---
 lib/ssl/src/ssl_connection.erl | 34 +++++++++++++++++++++-------------
 1 file changed, 21 insertions(+), 13 deletions(-)

(limited to 'lib/ssl/src/ssl_connection.erl')

diff --git a/lib/ssl/src/ssl_connection.erl b/lib/ssl/src/ssl_connection.erl
index abd1b59011..07fa101ed4 100644
--- a/lib/ssl/src/ssl_connection.erl
+++ b/lib/ssl/src/ssl_connection.erl
@@ -125,8 +125,12 @@ recv(Pid, Length, Timeout) ->
 %% Description: Connect to a ssl server.
 %%--------------------------------------------------------------------
 connect(Host, Port, Socket, Options, User, CbInfo, Timeout) ->
-    start_fsm(client, Host, Port, Socket, Options, User, CbInfo,
-	      Timeout).
+    try start_fsm(client, Host, Port, Socket, Options, User, CbInfo,
+		  Timeout)
+    catch
+	exit:{noproc, _} ->
+	    {error, ssl_not_started}
+    end.
 %%--------------------------------------------------------------------
 %% Function: accept(Port, Socket, Opts, User, 
 %%                  CbInfo, Timeout) -> {ok, Socket} | {error, Reason}
@@ -135,8 +139,12 @@ connect(Host, Port, Socket, Options, User, CbInfo, Timeout) ->
 %%              ssl handshake. 
 %%--------------------------------------------------------------------
 ssl_accept(Port, Socket, Opts, User, CbInfo, Timeout) ->
-    start_fsm(server, "localhost", Port, Socket, Opts, User, 
-	      CbInfo, Timeout).
+    try start_fsm(server, "localhost", Port, Socket, Opts, User, 
+		  CbInfo, Timeout)
+    catch
+	exit:{noproc, _} ->
+	    {error, ssl_not_started}
+    end.	
 
 %%--------------------------------------------------------------------
 %% Function: handshake(SslSocket, Timeout) -> ok | {error, Reason}
@@ -1492,15 +1500,15 @@ handle_server_key(
     SecParams = ConnectionState#connection_state.security_parameters,
     #security_parameters{client_random = ClientRandom,
 			 server_random = ServerRandom} = SecParams, 
-    Plain = ssl_handshake:server_key_exchange_plain(KeyAlgo,
-						    <<ClientRandom/binary, 
+    Hash = ssl_handshake:server_key_exchange_hash(KeyAlgo,
+						  <<ClientRandom/binary, 
 						   ServerRandom/binary, 
-						     ?UINT16(PLen), P/binary, 
-						     ?UINT16(GLen), G/binary,
-						     ?UINT16(YLen),
+						   ?UINT16(PLen), P/binary, 
+						   ?UINT16(GLen), G/binary,
+						   ?UINT16(YLen),
 						   ServerPublicDhKey/binary>>),
-   
-    case verify_dh_params(Signed, Plain, PubKeyInfo) of
+    
+    case verify_dh_params(Signed, Hash, PubKeyInfo) of
 	true ->
 	    PMpint = mpint_binary(P),
 	    GMpint = mpint_binary(G),	
@@ -1533,8 +1541,8 @@ verify_dh_params(Signed, Hashes, {?rsaEncryption, PubKey, _PubKeyParams}) ->
 	_ ->
 	    false
     end;
-verify_dh_params(Signed, Plain, {?'id-dsa', PublicKey, PublicKeyParams}) ->
-    public_key:verify_signature(Plain, sha, Signed, PublicKey, PublicKeyParams). 
+verify_dh_params(Signed, Hash, {?'id-dsa', PublicKey, PublicKeyParams}) ->
+    public_key:verify_signature(Hash, none, Signed, PublicKey, PublicKeyParams). 
 
 
 encode_alert(#alert{} = Alert, Version, ConnectionStates) ->
-- 
cgit v1.2.3