From e6d9c7eb9e62e220bfb6a5e1b5c1b991c7b9c121 Mon Sep 17 00:00:00 2001
From: Ingela Anderton Andin <ingela@erlang.org>
Date: Wed, 20 Jun 2018 11:47:59 +0200
Subject: ssl: Add psk as anonymous key exchange in
 ssl_handshake:select_hashsign/5

Failing to recognize psk as an anonymous key exchange would fail the connection
when trying to decode an undefined certificate.
---
 lib/ssl/src/ssl_handshake.erl | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'lib/ssl/src')

diff --git a/lib/ssl/src/ssl_handshake.erl b/lib/ssl/src/ssl_handshake.erl
index 3028ae9617..76fc7ae3d1 100644
--- a/lib/ssl/src/ssl_handshake.erl
+++ b/lib/ssl/src/ssl_handshake.erl
@@ -1055,7 +1055,8 @@ select_curve(undefined, _, _) ->
 %%--------------------------------------------------------------------
 select_hashsign(_, _, KeyExAlgo, _, _Version) when KeyExAlgo == dh_anon;
                                                    KeyExAlgo == ecdh_anon;
-                                                   KeyExAlgo == srp_anon ->
+                                                   KeyExAlgo == srp_anon;
+                                                   KeyExAlgo == psk ->
     {null, anon};
 %% The signature_algorithms extension was introduced with TLS 1.2. Ignore it if we have
 %% negotiated a lower version.
-- 
cgit v1.2.3


From 26ed7aa618b4860340d646f8f2b545857cee1289 Mon Sep 17 00:00:00 2001
From: Ingela Anderton Andin <ingela@erlang.org>
Date: Mon, 2 Jul 2018 12:25:08 +0200
Subject: ssl: Add connection information on new cipher_suite format

---
 lib/ssl/src/ssl_connection.erl | 1 +
 1 file changed, 1 insertion(+)

(limited to 'lib/ssl/src')

diff --git a/lib/ssl/src/ssl_connection.erl b/lib/ssl/src/ssl_connection.erl
index 556c204ab1..8ea4740ea4 100644
--- a/lib/ssl/src/ssl_connection.erl
+++ b/lib/ssl/src/ssl_connection.erl
@@ -1482,6 +1482,7 @@ connection_info(#state{sni_hostname = SNIHostname,
     [{protocol, RecordCB:protocol_version(Version)},
      {session_id, SessionId},
      {cipher_suite, ssl_cipher:erl_suite_definition(CipherSuiteDef)},
+     {selected_cipher_suite, CipherSuiteDef},
      {sni_hostname, SNIHostname} | CurveInfo] ++ ssl_options_list(Opts).
 
 security_info(#state{connection_states = ConnectionStates}) ->
-- 
cgit v1.2.3


From f610e27fe71d0b6a19eb836c3d13cc8de610b9ef Mon Sep 17 00:00:00 2001
From: Ingela Anderton Andin <ingela@erlang.org>
Date: Tue, 3 Jul 2018 07:58:25 +0200
Subject: ssl: Do not use legacy format

---
 lib/ssl/src/ssl_connection.erl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'lib/ssl/src')

diff --git a/lib/ssl/src/ssl_connection.erl b/lib/ssl/src/ssl_connection.erl
index 8ea4740ea4..c5f75894cd 100644
--- a/lib/ssl/src/ssl_connection.erl
+++ b/lib/ssl/src/ssl_connection.erl
@@ -2523,7 +2523,7 @@ ssl_options_list([ciphers = Key | Keys], [Value | Values], Acc) ->
    ssl_options_list(Keys, Values, 
 		    [{Key, lists:map(
 			     fun(Suite) -> 
-				     ssl_cipher:erl_suite_definition(Suite) 
+				     ssl_cipher:suite_definition(Suite) 
 			     end, Value)} 
 		     | Acc]);
 ssl_options_list([Key | Keys], [Value | Values], Acc) ->
-- 
cgit v1.2.3