I was unable to find a public interface in OTP's SSL application for getting the master_secret, client_random, and server_random values. They are all located in the security parameters record stored in the connection state. These values are useful for certain crypto protocols as mixing material for handshakes done over the SSL connection.
I'm currently reading the values through the following slightly icky hack (but great that it is possible at all):
{code:erlang}
%% Relies on the ssl application's internal records
%% (#state{}, #connection_state{}, #security_parameters{}).

%% Read the security parameters out of the connection process state.
lookup({sslsocket, _, Connection}) ->
    {_, #state{connection_states = CS}} = sys:get_state(Connection),
    #connection_state{security_parameters = Params} =
        ssl_record:current_connection_state(CS, read),
    Params.

client_random(Socket) ->
    #security_parameters{client_random = ClientRandom} = lookup(Socket),
    ClientRandom.
{code}
(and same for server_random/1 and master_secret/1)
I'm unsure how they should be exposed in the SSL module, but I will happily implement it if I get a hint on where to put the logic. I assume the OTP application doesn't want one function per value like I currently have in my (hacked) implementation.
The potential place to put it would be in connection_info or possibly session_info, which is a function that we thought we might need but have not actually made an API function yet. We have not decided if we need it or not, and what it should return.
However there is also the ssl:prf/5 that helps you in some cases. I am not sure if it is useful in your use case.
ssl:prf/5 does a bit too much to the values for being usable for me.
I'll try to prioritise getting a proof of concept patch working for upstreaming :-)
Original reporter: ahf
Affected version: Not Specified
Fixed in version: OTP-20.0
Component: ssl
Migrated from: https://bugs.erlang.org/browse/ERL-166