From d6b4f6dd29adc82bc3cedd143e30bef997db9b0c Mon Sep 17 00:00:00 2001
From: Ingela Anderton Andin
Date: Tue, 18 Dec 2018 12:30:46 +0100
Subject: ssl: Fix renegotiation with new TLS sender

Wtite connection state was not synchronized when peer initiated renegotiation
---
 lib/ssl/src/tls_connection.erl | 27 +++++++++++++++++++++++++--
 1 file changed, 25 insertions(+), 2 deletions(-)
(limited to 'lib/ssl/src/tls_connection.erl')
diff --git a/lib/ssl/src/tls_connection.erl b/lib/ssl/src/tls_connection.erl
index 9aeca8c589..798b853026 100644
--- a/lib/ssl/src/tls_connection.erl
+++ b/lib/ssl/src/tls_connection.erl
@@ -614,6 +614,28 @@ connection({call, From},
 {error, timeout} ->
 {stop_and_reply, {shutdown, downgrade_fail}, [{reply, From, {error, timeout}}]}
 end;
+connection(internal, #hello_request{},
+ #state{static_env = #static_env{role = client,
+ host = Host,
+ port = Port,
+ session_cache = Cache,
+ session_cache_cb = CacheCb},
+ renegotiation = {Renegotiation, peer},
+ session = #session{own_certificate = Cert} = Session0,
+ ssl_options = SslOpts,
+ protocol_specific = #{sender := Pid},
+ connection_states = ConnectionStates} = State0) ->
+ try tls_sender:peer_renegotiate(Pid) of
+ {ok, Write} ->
+ Hello = tls_handshake:client_hello(Host, Port, ConnectionStates, SslOpts,
+ Cache, CacheCb, Renegotiation, Cert),
+ {State, Actions} = send_handshake(Hello, State0#state{connection_states = ConnectionStates#{current_write => Write}}),
+ next_event(hello, no_record, State#state{session = Session0#session{session_id
+ = Hello#client_hello.session_id}}, Actions)
+ catch
+ _:_ ->
+ {stop, {shutdown, sender_blocked}, State0}
+ end;
 connection(internal, #hello_request{},
 #state{static_env = #static_env{role = client,
 host = Host,
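Review bot: The `catch _:_` in the new `{Renegotiation, peer}` clause turns every exception from `tls_sender:peer_renegotiate(Pid)` into `{shutdown, sender_blocked}`, so a dead sender, a call timeout and a plain bug in the sender all end the connection with the same reason, and a `{shutdown, _}` stop leaves no crash report pointing at the cause. Because the `of` section is not protected, a reply other than `{ok, Write}` would instead raise `try_clause` in the connection process; whether the sender can return one is not visible in this hunk. I would catch only the class the call is expected to raise, for example `exit:_ ->` if peer_renegotiate/1 is a gen_statem call (its definition is outside this diff), and let anything else crash with its stack trace. A one-line comment above the `try`, such as `%% Take the current write state from the sender process before sending the ClientHello`, would also record why `current_write` is replaced here.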
@@ -622,10 +644,10 @@ connection(internal, #hello_request{},
 session_cache_cb = CacheCb},
 renegotiation = {Renegotiation, _},
 session = #session{own_certificate = Cert} = Session0,
- ssl_options = SslOpts,
+ ssl_options = SslOpts,
 connection_states = ConnectionStates} = State0) ->
 Hello = tls_handshake:client_hello(Host, Port, ConnectionStates, SslOpts,
- Cache, CacheCb, Renegotiation, Cert),
+ Cache, CacheCb, Renegotiation, Cert),
 {State, Actions} = send_handshake(Hello, State0),
 next_event(hello, no_record, State#state{session = Session0#session{session_id
 = Hello#client_hello.session_id}}, Actions);
@@ -655,6 +677,7 @@ connection(internal, #client_hello{},
 send_alert_in_connection(Alert, State0),
 State = Connection:reinit_handshake_data(State0),
 next_event(?FUNCTION_NAME, no_record, State);
+
 connection(Type, Event, State) ->
 ssl_connection:?FUNCTION_NAME(Type, Event, State, ?MODULE).
--
cgit v1.2.3