From b4fc84117b6bd1105ca8ccb91f699564ac400dff Mon Sep 17 00:00:00 2001
From: Danil Zagoskin
Date: Mon, 21 Apr 2014 22:00:09 +0400
Subject: ssl: always pass negotiated version when selecting hashsign
Negotiated version is now always passed to ssl_handshake:select_hashsign because ssl_handshake:select_cert_hashsign has different rsa defaults on tlsv1.2 and older versions.
---
lib/ssl/src/ssl_connection.erl | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
(limited to 'lib/ssl/src/ssl_connection.erl')
diff --git a/lib/ssl/src/ssl_connection.erl b/lib/ssl/src/ssl_connection.erl
index edf49a340b..75100864c8 100644
--- a/lib/ssl/src/ssl_connection.erl
+++ b/lib/ssl/src/ssl_connection.erl
@@ -441,8 +441,9 @@ certify(#server_key_exchange{} = Msg,
 Connection:handle_unexpected_message(Msg, certify_server_keyexchange, State);
 certify(#certificate_request{hashsign_algorithms = HashSigns},
- #state{session = #session{own_certificate = Cert}} = State0, Connection) ->
- HashSign = ssl_handshake:select_hashsign(HashSigns, Cert),
+ #state{session = #session{own_certificate = Cert},
+ negotiated_version = Version} = State0, Connection) ->
+ HashSign = ssl_handshake:select_hashsign(HashSigns, Cert, Version),
 {Record, State} = Connection:next_record(State0#state{client_certificate_requested = true}),
 Connection:next_state(certify, certify, Record, State#state{cert_hashsign_algorithm = HashSign});
--
cgit v1.2.3
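Review bot: The call `ssl_handshake:select_hashsign(HashSigns, Cert, Version)` in the `#certificate_request{}` clause carries no comment on why the version is needed, and the reason is only in the commit message. A one-line comment above it would keep that visible, e.g. `%% rsa default hash/sign differs between tlsv1.2 and older versions, so always pass Version`. Since the commit changes only this file, the two-argument `select_hashsign` is presumably still exported; it is worth checking that no other caller uses it and removing it, so a signature algorithm cannot again be chosen without the negotiated version. How `select_hashsign/3` behaves when `own_certificate` is unset is not visible here and should be confirmed. `certify` has further clauses before and after this hunk.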