From 5b472d1984e99227f7f72fda25ee98e1f9e19d02 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?P=C3=A9ter=20Dimitrov?= Date: Wed, 3 Oct 2018 16:33:31 +0200 Subject: ssl: Update default for option signature_algs_cert The option 'signature_algs_cert' is not set by default. Change-Id: Ib87cedc5e48b3ac7a36a30bc7caa08d3193f12fa --- lib/ssl/src/ssl.erl | 7 +------ lib/ssl/src/ssl_handshake.erl | 9 +++++++-- 2 files changed, 8 insertions(+), 8 deletions(-) (limited to 'lib/ssl') diff --git a/lib/ssl/src/ssl.erl b/lib/ssl/src/ssl.erl index 7e1c3fc462..ebc55e541a 100644 --- a/lib/ssl/src/ssl.erl +++ b/lib/ssl/src/ssl.erl @@ -975,10 +975,7 @@ handle_options(Opts0, Role, Host) -> proplists:get_value( signature_algs_cert, Opts, - default_option_role(server, - tls_v1:default_signature_schemes(HighestVersion), - Role - )), + undefined), %% Do not send by default tls_version(HighestVersion)), %% Server side option reuse_session = handle_option(reuse_session, Opts, ReuseSessionFun), @@ -1326,8 +1323,6 @@ handle_signature_algorithms_option(Value, Version) when is_list(Value) _ -> Value end; -handle_signature_algorithms_option(_, Version) when Version >= {3, 4} -> - handle_signature_algorithms_option(tls_v1:default_signature_schemes(Version), Version); handle_signature_algorithms_option(_, _Version) -> undefined. diff --git a/lib/ssl/src/ssl_handshake.erl b/lib/ssl/src/ssl_handshake.erl index a42df453e0..1e57dfd710 100644 --- a/lib/ssl/src/ssl_handshake.erl +++ b/lib/ssl/src/ssl_handshake.erl 
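Review bot: The new `undefined` default in `handle_options` also applies to the server role, which previously received `tls_v1:default_signature_schemes(HighestVersion)` through `default_option_role(server, ...)`. Every server-side reader of `signature_algs_cert` now has to cope with `undefined`, and none of those readers is visible in this hunk. The trailing comment `%% Do not send by default` describes only the client side; I would state the fallback instead, e.g. `%% Unset by default: the extension is not sent, and signature_algs then also governs certificate signatures (RFC 8446, 4.2.3)`. A test that a TLS 1.3 server with the option unset still limits certificate signature algorithms through `signature_algs` would pin the intended behaviour. `handle_options` starts and ends outside the hunk.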
@@ -1015,12 +1015,17 @@ client_hello_extensions(Version, CipherSuites, {3,4} -> HelloExtensions#{client_hello_versions => #client_hello_versions{versions = Versions}, - signature_algs_cert => - #signature_scheme_list{signature_scheme_list = SignatureSchemes}}; + signature_algs_cert => + signature_scheme_list(SignatureSchemes)}; _Else -> HelloExtensions end. +signature_scheme_list(undefined) -> + undefined; +signature_scheme_list(SignatureSchemes) -> + #signature_scheme_list{signature_scheme_list = SignatureSchemes}. + handle_client_hello_extensions(RecordCB, Random, ClientCipherSuites, Exts, Version, #ssl_options{secure_renegotiate = SecureRenegotation, -- cgit v1.2.3
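Review bot: In the `{3,4}` branch of `client_hello_extensions` the key `signature_algs_cert` is still inserted into the map, now with the value `undefined` when no schemes are configured. The extension is therefore omitted from the ClientHello only if the encoder skips `undefined` entries; that code is outside this hunk, so a test that inspects the encoded hello is worth adding. The new helper `signature_scheme_list/1` has neither a spec nor a comment; I would put `%% undefined means the option is unset and the extension must not be sent` above it, with `-spec signature_scheme_list(undefined | [term()]) -> undefined | #signature_scheme_list{}.`. `client_hello_extensions` starts outside the hunk.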