From 4e848c9c656ab7da22a6ded0d322e4dbd84cc5a3 Mon Sep 17 00:00:00 2001
From: Ingela Anderton Andin
Date: Mon, 6 Aug 2018 13:04:25 +0200
Subject: ssl: Make sure that a correct cipher suite is selected
The keyexchange ECDHE-RSA requires an RSA-keyed server cert (corresponding for ECDHE-ECDSA), the code did not assert this resulting in that a incorrect cipher suite could be selected. Alas test code was also wrong hiding the error.
---
 lib/ssl/src/ssl_cipher.erl | 4 ++++
 1 file changed, 4 insertions(+)
(limited to 'lib/ssl')
diff --git a/lib/ssl/src/ssl_cipher.erl b/lib/ssl/src/ssl_cipher.erl
index 754fc46404..ebdc624ec7 100644
--- a/lib/ssl/src/ssl_cipher.erl
+++ b/lib/ssl/src/ssl_cipher.erl
@@ -2775,6 +2775,8 @@ ecdsa_signed_suites(Ciphers, Version) ->
 rsa_keyed(dhe_rsa) ->
 true;
+rsa_keyed(ecdhe_rsa) ->
+ true;
 rsa_keyed(rsa) ->
 true;
 rsa_keyed(rsa_psk) ->
@@ -2838,6 +2840,8 @@ ec_keyed(ecdh_ecdsa) ->
 true;
 ec_keyed(ecdh_rsa) ->
 true;
+ec_keyed(ecdhe_ecdsa) ->
+ true;
 ec_keyed(_) ->
 false.
-- cgit v1.2.3
From b42b08abffa0290f240673909032abbb9b57f97c Mon Sep 17 00:00:00 2001
From: Ingela Anderton Andin
Date: Fri, 6 Jul 2018 16:11:23 +0200
Subject: ssl: Prepare for release
---
 lib/ssl/src/ssl.appup.src | 4 +++-
 lib/ssl/vsn.mk | 2 +-
 2 files changed, 4 insertions(+), 2 deletions(-)
(limited to 'lib/ssl')
diff --git a/lib/ssl/src/ssl.appup.src b/lib/ssl/src/ssl.appup.src
index bfdd0c205b..ae4d60b6ed 100644
--- a/lib/ssl/src/ssl.appup.src
+++ b/lib/ssl/src/ssl.appup.src
@@ -1,6 +1,7 @@
 %% -*- erlang -*-
 {"%VSN%",
- [
+[
+ {<<"9\\..*">>, [{restart_application, ssl}]},
 {<<"8\\..*">>, [{restart_application, ssl}]},
 {<<"7\\..*">>, [{restart_application, ssl}]},
 {<<"6\\..*">>, [{restart_application, ssl}]},
@@ -9,6 +10,7 @@
 {<<"3\\..*">>, [{restart_application, ssl}]}
 ],
 [
+ {<<"9\\..*">>, [{restart_application, ssl}]},
 {<<"8\\..*">>, [{restart_application, ssl}]},
 {<<"7\\..*">>, [{restart_application, ssl}]},
 {<<"6\\..*">>, [{restart_application, ssl}]},
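Review bot: The catch-all `ec_keyed(_) -> false.` visible in the second ssl_cipher.erl hunk is what allowed `ecdhe_ecdsa` to go unclassified without any crash or warning, and nothing in this commit keeps the next key-exchange atom from being missed the same way; rsa_keyed/1 continues past the first hunk and presumably ends in a similar clause. A comment above both predicates would make the contract explicit, for example `%% Classifies a key exchange by the server certificate key type it requires; every key-exchange atom must be listed here, anything unlisted falls through to false.` The commit message says the test code hid the error, but the diffstat lists only ssl_cipher.erl, so unless the test correction lands in a separate commit, a regression test that offers each ECDHE_* key exchange against a server certificate of the other key type should accompany this change.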
diff --git a/lib/ssl/vsn.mk b/lib/ssl/vsn.mk
index 10be907b4f..5be527306d 100644
--- a/lib/ssl/vsn.mk
+++ b/lib/ssl/vsn.mk
@@ -1 +1 @@
-SSL_VSN = 9.0
+SSL_VSN = 9.0.1
-- cgit v1.2.3
From 2f7bffa9f620e6218a7333a79e416fcce0bc054e Mon Sep 17 00:00:00 2001
From: Erlang/OTP
Date: Thu, 23 Aug 2018 14:47:30 +0200
Subject: Prepare release
---
 lib/ssl/doc/src/notes.xml | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
(limited to 'lib/ssl')
diff --git a/lib/ssl/doc/src/notes.xml b/lib/ssl/doc/src/notes.xml
index 917df03b5b..e518b4a6f6 100644
--- a/lib/ssl/doc/src/notes.xml
+++ b/lib/ssl/doc/src/notes.xml
@@ -27,6 +27,23 @@

This document describes the changes made to the SSL application.

+
SSL 9.0.1 + +
Fixed Bugs and Malfunctions + + +

+ Correct cipher suite handling for ECDHE_*, the incorrect + handling could cause an incorrrect suite to be selected + and most likly fail the handshake.

+

+ Own Id: OTP-15203

+
+
+
+ +
+
SSL 9.0
Fixed Bugs and Malfunctions -- cgit v1.2.3