From dcd0547dd2e1a78f89dced3ca5918ae539b11de3 Mon Sep 17 00:00:00 2001
From: Ingela Anderton Andin
Date: Tue, 17 Jul 2018 14:23:47 +0200
Subject: ssl: Engine key trumps certfile option
---
 lib/ssl/src/ssl_config.erl | 6 +++---
 lib/ssl/test/ssl_engine_SUITE.erl | 15 +++++++++++++++
 2 files changed, 18 insertions(+), 3 deletions(-)
(limited to 'lib/ssl')
diff --git a/lib/ssl/src/ssl_config.erl b/lib/ssl/src/ssl_config.erl
index 022fb7eac0..81b18c15af 100644
--- a/lib/ssl/src/ssl_config.erl
+++ b/lib/ssl/src/ssl_config.erl
@@ -91,9 +91,9 @@ init_certificates(undefined, #{pem_cache := PemCache} = Config, CertFile, server
 end;
 init_certificates(Cert, Config, _, _) ->
 {ok, Config#{own_certificate => Cert}}.
-init_private_key(_, #{algorithm := Alg} = Key, <<>>, _Password, _Client) when Alg == ecdsa;
- Alg == rsa;
- Alg == dss ->
+init_private_key(_, #{algorithm := Alg} = Key, _, _Password, _Client) when Alg == ecdsa;
+ Alg == rsa;
+ Alg == dss ->
 case maps:is_key(engine, Key) andalso maps:is_key(key_id, Key) of
 true ->
 Key;
diff --git a/lib/ssl/test/ssl_engine_SUITE.erl b/lib/ssl/test/ssl_engine_SUITE.erl
index 71891356e8..8025e4e0ed 100644
--- a/lib/ssl/test/ssl_engine_SUITE.erl
+++ b/lib/ssl/test/ssl_engine_SUITE.erl
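Review bot: The new head of `init_private_key/5` in ssl_config.erl ignores the key-file argument (`_` where `<<>>` was) with no comment saying that a map-form `key` now wins over a configured or defaulted key file, so the precedence is invisible to the next reader. A side effect worth confirming is that a map with `algorithm` set but lacking `engine` or `key_id` no longer skips this clause when a key file is present; it reaches the `false` branch of the `case`, which lies outside the hunk, and that branch should fail with a clear error rather than continue with a key the operator did not intend. I would add above the clause: `%% A key given as an engine map takes precedence over keyfile (which defaults to certfile).` The clause body continues past the end of the hunk.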
@@ -117,8 +117,23 @@ private_key(Config) when is_list(Config) -> EngineServerConf = [{key, #{algorithm => rsa, engine => Engine, key_id => ServerKey}} | proplists:delete(key, ServerConf)], + + EngineFileClientConf = [{key, #{algorithm => rsa, + engine => Engine, + key_id => ClientKey}} | + proplists:delete(keyfile, FileClientConf)], + + EngineFileServerConf = [{key, #{algorithm => rsa, + engine => Engine, + key_id => ServerKey}} | + proplists:delete(keyfile, FileServerConf)], + %% Test with engine test_tls_connection(EngineServerConf, EngineClientConf, Config), + + %% Test with engine and present file arugments + test_tls_connection(EngineFileServerConf, EngineFileClientConf, Config), + %% Test that sofware fallback is available test_tls_connection(ServerConf, [{reuse_sessions, false} |ClientConf], Config). -- cgit v1.2.3 From 7507f47dc14093443fb8446b969f73d276339413 Mon Sep 17 00:00:00 2001 From: Erlang/OTP Date: Fri, 20 Jul 2018 14:10:09 +0200 Subject: Prepare release --- lib/ssl/doc/src/notes.xml | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) (limited to 'lib/ssl') diff --git a/lib/ssl/doc/src/notes.xml b/lib/ssl/doc/src/notes.xml index 34fe352d08..e04b33edb9 100644 --- a/lib/ssl/doc/src/notes.xml +++ b/lib/ssl/doc/src/notes.xml @@ -27,6 +27,35 @@
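Review bot: The added `EngineFileClientConf` and `EngineFileServerConf` are both built with `proplists:delete(keyfile, ...)`, so the new `test_tls_connection` call appears to cover only a key file defaulted from `certfile`, not an explicitly set `keyfile` next to an engine key. `FileClientConf` and `FileServerConf` are defined outside the hunk (as is the start of `private_key/1`), so this is inferred from the delete calls alone. If the explicit case is meant to be covered too, a further pair that leaves `keyfile` in place would pin it, e.g. `[{key, #{algorithm => rsa, engine => Engine, key_id => ClientKey}} | FileClientConf]`, assuming that list carries no `key` entry of its own. The added comment also has a typo and should read `%% Test with engine and present file arguments`.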

This document describes the changes made to the SSL application.

+
SSL 8.2.6.1 + +
Fixed Bugs and Malfunctions + + +

+ Improve cipher suite handling correcting ECC and TLS-1.2 + requierments. Backport of solution for ERL-641

+

+ Own Id: OTP-15178

+
+
+
+ + +
Improvements and New Features + + +

+ Option keyfile defaults to certfile and should be trumped + with key. This failed for engine keys.

+

+ Own Id: OTP-15193

+
+
+
+ +
+
SSL 8.2.6
Fixed Bugs and Malfunctions -- cgit v1.2.3