File 3731-ssl-Improve-names.patch of Package erlang
From 605baff232abc7fe00378a332feab973dc57f0ef Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin <ingela@erlang.org> Date: Thu, 5 May 2022 15:54:38 +0200 Subject: [PATCH 1/2] ssl: Improve names --- lib/ssl/src/ssl_certificate.erl | 12 ++++++------ lib/ssl/src/ssl_handshake.erl | 12 ++++++------ lib/ssl/src/tls_handshake_1_3.erl | 32 +++++++++++++++---------------- 3 files changed, 28 insertions(+), 28 deletions(-) diff --git a/lib/ssl/src/ssl_certificate.erl b/lib/ssl/src/ssl_certificate.erl index 05162c34d6..3d360803ac 100644 --- a/lib/ssl/src/ssl_certificate.erl +++ b/lib/ssl/src/ssl_certificate.erl @@ -699,18 +699,18 @@ maybe_shorten_path(Path, PartialChainHandler, Default) -> DerCerts = [Der || #cert{der=Der} <- Path], try PartialChainHandler(DerCerts) of {trusted_ca, Root} -> - new_trusteded_path(Root, Path, Default); + new_trusted_path(Root, Path, Default); unknown_ca -> Default catch _:_ -> Default end. -new_trusteded_path(DerCert, [#cert{der=DerCert}=Cert | Chain], _) -> - {Cert, Chain}; -new_trusteded_path(DerCert, [_ | Rest], Default) -> - new_trusteded_path(DerCert, Rest, Default); -new_trusteded_path(_, [], Default) -> +new_trusted_path(DerCert, [#cert{der=DerCert}=Cert | Path], _) -> + {Cert, Path}; +new_trusted_path(DerCert, [_ | Rest], Default) -> + new_trusted_path(DerCert, Rest, Default); +new_trusted_path(_, [], Default) -> %% User did not pick a cert present %% in the cert chain so ignore Default. diff --git a/lib/ssl/src/ssl_handshake.erl b/lib/ssl/src/ssl_handshake.erl index 178229f853..2776e0d6a3 100644 --- a/lib/ssl/src/ssl_handshake.erl +++ b/lib/ssl/src/ssl_handshake.erl 
@@ -1065,7 +1065,7 @@ select_session(SuggestedSessionId, CipherSuites, HashSigns, Compressions, SessId new_session_parameters(SessionId, #session{ecc = ECCCurve0} = Session, CipherSuites, SslOpts, Version, Compressions, HashSigns, CertKeyPairs) -> Compression = select_compression(Compressions), - {Certs, Key, {ECCCurve, CipherSuite}} = select_cert_key_pair_and_params(CipherSuites, CertKeyPairs, HashSigns, + {Certs, Key, {ECCCurve, CipherSuite}} = server_select_cert_key_pair_and_params(CipherSuites, CertKeyPairs, HashSigns, ECCCurve0, SslOpts, Version), Session#session{session_id = SessionId, ecc = ECCCurve, 
@@ -1076,32 +1076,32 @@ new_session_parameters(SessionId, #session{ecc = ECCCurve0} = Session, CipherSui %% Possibly support part of "trusted_ca_keys" extension that corresponds to TLS-1.3 certificate_authorities?! -select_cert_key_pair_and_params(CipherSuites, [#{private_key := NoKey, certs := [[]] = NoCerts}], HashSigns, ECCCurve0, +server_select_cert_key_pair_and_params(CipherSuites, [#{private_key := NoKey, certs := [[]] = NoCerts}], HashSigns, ECCCurve0, #{ciphers := UserSuites, honor_cipher_order := HonorCipherOrder}, Version) -> %% This can happen if anonymous cipher suites are enabled Suites = available_suites(undefined, UserSuites, Version, HashSigns, ECCCurve0), CipherSuite0 = select_cipher_suite(CipherSuites, Suites, HonorCipherOrder), CurveAndSuite = cert_curve(undefined, ECCCurve0, CipherSuite0), {NoCerts, NoKey, CurveAndSuite}; -select_cert_key_pair_and_params(CipherSuites, [#{private_key := Key, certs := [Cert | _] = Certs}], HashSigns, ECCCurve0, +server_select_cert_key_pair_and_params(CipherSuites, [#{private_key := Key, certs := [Cert | _] = Certs}], HashSigns, ECCCurve0, #{ciphers := UserSuites, honor_cipher_order := HonorCipherOrder}, Version) -> Suites = available_suites(Cert, UserSuites, Version, HashSigns, ECCCurve0), CipherSuite0 = select_cipher_suite(CipherSuites, Suites, HonorCipherOrder), CurveAndSuite = cert_curve(Cert, ECCCurve0, CipherSuite0), {Certs, Key, CurveAndSuite}; -select_cert_key_pair_and_params(CipherSuites, [#{private_key := Key, certs := [Cert | _] = Certs} | Rest], HashSigns, ECCCurve0, +server_select_cert_key_pair_and_params(CipherSuites, [#{private_key := Key, certs := [Cert | _] = Certs} | Rest], HashSigns, ECCCurve0, #{ciphers := UserSuites, honor_cipher_order := HonorCipherOrder} = Opts, Version) -> Suites = available_suites(Cert, UserSuites, Version, HashSigns, ECCCurve0), case select_cipher_suite(CipherSuites, Suites, HonorCipherOrder) of no_suite -> - select_cert_key_pair_and_params(CipherSuites, Rest, HashSigns, 
ECCCurve0, Opts, Version); + server_select_cert_key_pair_and_params(CipherSuites, Rest, HashSigns, ECCCurve0, Opts, Version); CipherSuite0 -> case is_acceptable_cert(Cert, HashSigns, ssl:tls_version(Version)) of true -> CurveAndSuite = cert_curve(Cert, ECCCurve0, CipherSuite0), {Certs, Key, CurveAndSuite}; false -> - select_cert_key_pair_and_params(CipherSuites, Rest, HashSigns, ECCCurve0, Opts, Version) + server_select_cert_key_pair_and_params(CipherSuites, Rest, HashSigns, ECCCurve0, Opts, Version) end end. diff --git a/lib/ssl/src/tls_handshake_1_3.erl b/lib/ssl/src/tls_handshake_1_3.erl index a68c7de159..e145044533 100644 --- a/lib/ssl/src/tls_handshake_1_3.erl +++ b/lib/ssl/src/tls_handshake_1_3.erl @@ -2315,14 +2315,14 @@ check_cert_sign_algo(SignAlgo, SignHash, _, ClientSignAlgsCert) -> %% DSA keys are not supported by TLS 1.3 -select_sign_algo(dsa, _RSAKeySize, _PeerSignAlgs, _OwnSignAlgs, _Curve) -> +select_sign_algo(dsa, _RSAKeySize, _CertSignAlg, _OwnSignAlgs, _Curve) -> {error, ?ALERT_REC(?FATAL, ?INSUFFICIENT_SECURITY, no_suitable_public_key)}; select_sign_algo(_, _RSAKeySize, [], _, _) -> {error, ?ALERT_REC(?FATAL, ?INSUFFICIENT_SECURITY, no_suitable_signature_algorithm)}; select_sign_algo(_, _RSAKeySize, undefined, _OwnSignAlgs, _) -> {error, ?ALERT_REC(?FATAL, ?INSUFFICIENT_SECURITY, no_suitable_public_key)}; -select_sign_algo(PublicKeyAlgo, RSAKeySize, [PeerSignAlg|PeerSignAlgs], OwnSignAlgs, Curve) -> - {_, S, _} = ssl_cipher:scheme_to_components(PeerSignAlg), +select_sign_algo(PublicKeyAlgo, RSAKeySize, [CertSignAlg|CertSignAlgs], OwnSignAlgs, Curve) -> + {_, S, _} = ssl_cipher:scheme_to_components(CertSignAlg), %% RSASSA-PKCS1-v1_5 and Legacy algorithms are not defined for use in signed %% TLS handshake messages: filter sha-1 and rsa_pkcs1. %% 
@@ -2336,36 +2336,36 @@ select_sign_algo(PublicKeyAlgo, RSAKeySize, [PeerSignAlg|PeerSignAlgs], OwnSignA orelse (PublicKeyAlgo =:= eddsa andalso S =:= eddsa) ) andalso - lists:member(PeerSignAlg, OwnSignAlgs) of + lists:member(CertSignAlg, OwnSignAlgs) of true -> validate_key_compatibility(PublicKeyAlgo, RSAKeySize, - [PeerSignAlg|PeerSignAlgs], OwnSignAlgs, Curve); + [CertSignAlg|CertSignAlgs], OwnSignAlgs, Curve); false -> - select_sign_algo(PublicKeyAlgo, RSAKeySize, PeerSignAlgs, OwnSignAlgs, Curve) + select_sign_algo(PublicKeyAlgo, RSAKeySize, CertSignAlgs, OwnSignAlgs, Curve) end. -validate_key_compatibility(PublicKeyAlgo, RSAKeySize, [PeerSignAlg|PeerSignAlgs], OwnSignAlgs, Curve) +validate_key_compatibility(PublicKeyAlgo, RSAKeySize, [CertSignAlg|CertSignAlgs], OwnSignAlgs, Curve) when PublicKeyAlgo =:= rsa orelse PublicKeyAlgo =:= rsa_pss_pss -> - {Hash, Sign, _} = ssl_cipher:scheme_to_components(PeerSignAlg), + {Hash, Sign, _} = ssl_cipher:scheme_to_components(CertSignAlg), case (Sign =:= rsa_pss_rsae orelse Sign =:= rsa_pss_pss) andalso is_rsa_key_compatible(RSAKeySize, Hash) of true -> - {ok, PeerSignAlg}; + {ok, CertSignAlg}; false -> - select_sign_algo(PublicKeyAlgo, RSAKeySize, PeerSignAlgs, OwnSignAlgs, Curve) + select_sign_algo(PublicKeyAlgo, RSAKeySize, CertSignAlgs, OwnSignAlgs, Curve) end; -validate_key_compatibility(PublicKeyAlgo, RSAKeySize, [PeerSignAlg|PeerSignAlgs], OwnSignAlgs, Curve) +validate_key_compatibility(PublicKeyAlgo, RSAKeySize, [CertSignAlg|CertSignAlgs], OwnSignAlgs, Curve) when PublicKeyAlgo =:= ecdsa -> - {_ , Sign, PeerCurve} = ssl_cipher:scheme_to_components(PeerSignAlg), + {_ , Sign, PeerCurve} = ssl_cipher:scheme_to_components(CertSignAlg), case Sign =:= ecdsa andalso Curve =:= PeerCurve of true -> - {ok, PeerSignAlg}; + {ok, CertSignAlg}; false -> - select_sign_algo(PublicKeyAlgo, RSAKeySize, PeerSignAlgs, OwnSignAlgs, Curve) + select_sign_algo(PublicKeyAlgo, RSAKeySize, CertSignAlgs, OwnSignAlgs, Curve) end; 
-validate_key_compatibility(_, _, [PeerSignAlg|_], _, _) -> - {ok, PeerSignAlg}. +validate_key_compatibility(_, _, [CertSignAlg|_], _, _) -> + {ok, CertSignAlg}. is_rsa_key_compatible(KeySize, Hash) -> HashSize = ssl_cipher:hash_size(Hash), -- 2.35.3
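Review bot: The rename is incomplete in the ecdsa clause of validate_key_compatibility, where the curve taken from the scheme is still bound as `PeerCurve` in `{_ , Sign, PeerCurve} = ssl_cipher:scheme_to_components(CertSignAlg)`. After this change the name suggests a different origin than `CertSignAlg`, so something like `SchemeCurve` would match the new naming. In the previous hunk, the dsa clause of select_sign_algo went from `_PeerSignAlgs` to the singular `_CertSignAlg`, although the other clauses match that argument as a list (`[]`, `[CertSignAlg|CertSignAlgs]`); `_CertSignAlgs` would be accurate. Neither point changes behaviour, but in signature-scheme selection the variable names are the main hint of whose list is being filtered, so a one-line comment above select_sign_algo stating where the third argument comes from would help (the call site is outside these hunks).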