From 7e3d979418747e30e55274c6b5ea805625e19dc4 Mon Sep 17 00:00:00 2001
From: Ingela Anderton Andin <ingela@erlang.org>
Date: Mon, 14 Aug 2017 09:52:26 +0200
Subject: ssl: negotiated_hashsign/4 expects TLS version to function correctly

Only DTLS specific code deals with DTLS version, when common code
is used the DTLS version should be converted to the corresponding TLS version.
---
 lib/ssl/src/ssl_connection.erl | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'lib/ssl/src')

diff --git a/lib/ssl/src/ssl_connection.erl b/lib/ssl/src/ssl_connection.erl
index 1afc4ad2af..5cd66387ae 100644
--- a/lib/ssl/src/ssl_connection.erl
+++ b/lib/ssl/src/ssl_connection.erl
@@ -673,10 +673,11 @@ cipher(internal, #certificate_verify{signature = Signature,
 	      tls_handshake_history = Handshake
 	     } = State0, Connection) ->
     
+    TLSVersion = ssl:tls_version(Version),
     %% Use negotiated value if TLS-1.2 otherwhise return default
-    HashSign = negotiated_hashsign(CertHashSign, KexAlg, PublicKeyInfo, Version),
+    HashSign = negotiated_hashsign(CertHashSign, KexAlg, PublicKeyInfo, TLSVersion),
     case ssl_handshake:certificate_verify(Signature, PublicKeyInfo,
-					  ssl:tls_version(Version), HashSign, MasterSecret, Handshake) of
+					  TLSVersion, HashSign, MasterSecret, Handshake) of
 	valid ->
 	    {Record, State} = Connection:next_record(State0),
 	    Connection:next_event(cipher, Record,
-- 
cgit v1.2.3