[erlang-questions] SSL connection problem
Ingela Andin
ingela.andin@REDACTED
Mon Jun 8 15:08:37 CEST 2015
Hi!
Ok, the following patch should take away the crash and hopefully make it
possible to negotiate a valid connection (without making things unsafe),
in the short perspective. In a longer perspective we probably will want to
add some kind of callbacks to let the application handle proprietary
algorithms in the certificate-request and in the client hello. We will
also consider adding code for ignoring valid but currently not specified
codes.
diff --git a/lib/ssl/src/ssl_cipher.erl b/lib/ssl/src/ssl_cipher.erl
index 3ed53b7..0039f24 100644
--- a/lib/ssl/src/ssl_cipher.erl
+++ b/lib/ssl/src/ssl_cipher.erl
@@ -1574,8 +1574,8 @@ hash_algorithm(?SHA224) -> sha224;
hash_algorithm(?SHA256) -> sha256;
hash_algorithm(?SHA384) -> sha384;
hash_algorithm(?SHA512) -> sha512;
-hash_algorithm(Other) when is_integer(Other) -> Other.
-
+hash_algorithm(Other) when is_integer(Other) andalso ((Other >= 224) and
(Other =< 255)) -> Other.
+
sign_algorithm(anon) -> ?ANON;
sign_algorithm(rsa) -> ?RSA;
sign_algorithm(dsa) -> ?DSA;
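Review bot: the narrowed guard on the last hash_algorithm clause (Other >= 224 and Other =< 255) leaves every other integer that has no named clause above it without a matching clause, so such a value now raises function_clause instead of being passed through. If that is the intended rejection, the code that decodes the peer's list should catch it or filter those entries first, so that an unexpected code from a peer ends in a handled handshake failure or a skipped entry rather than a different crash. A short comment next to the clause saying what the range 224..255 stands for would also help the next reader.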
@@ -1584,7 +1584,7 @@ sign_algorithm(?ANON) -> anon;
sign_algorithm(?RSA) -> rsa;
sign_algorithm(?DSA) -> dsa;
sign_algorithm(?ECDSA) -> ecdsa;
-sign_algorithm(Other) when is_integer(Other) -> Other.
+sign_algorithm(Other) when is_integer(Other) andalso ((Other >= 224) and
(Other =< 255)) -> Other.
hash_size(null) ->
0;
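Review bot: the guard on the final sign_algorithm clause repeats the 224..255 range from hash_algorithm and mixes andalso with and; defining the bounds once as macros and writing the guard as "is_integer(Other), Other >= 224, Other =< 255" would keep the two clauses in step. As posted, the added line is wrapped by the mail client, so "(Other =< 255)) -> Other." has no leading "+" and the patch will not apply as is; sending it unwrapped or as an attachment avoids that. The function_clause behaviour for integers outside the range applies here as well.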
Regards Ingela Erlang/OTP Team - Ericsson AB
2015-06-08 12:20 GMT+02:00 Evgeny Khramtsov <xramtsov@REDACTED>:
> Mon, 8 Jun 2015 09:02:23 +0000 (UTC)
> Andreas Schultz <aschultz@REDACTED> wrote:
>
> > Also, the Apple server sends the extension in question in a
> > "Certificate Request", with the actual value being: 0xEF 0xEF (in
> > decimal 239,239).
>
> In fact there are 3 undefined values in the request: 239, 238 and 237
> for both hash and signature algorithm. The complete sequence looks like
> this:
> [{sha512,rsa},
> {sha512,dsa},
> {sha512,ecdsa},
> {239,239},
> {sha384,rsa},
> {sha384,dsa},
> {sha384,ecdsa},
> {sha256,rsa},
> {sha256,dsa},
> {sha256,ecdsa},
> {238,238},
> {237,237},
> {sha224,rsa},
> {sha224,dsa},
> {sha224,ecdsa},
> {sha,rsa},
> {sha,dsa},
> {sha,ecdsa}].