ssl: negotiated_hashsign/4 expects TLS version to function correctly

Only DTLS specific code deals with DTLS version, when common code is used the DTLS version should be converted to the corresponding TLS version.
vladdu · Aug 23, 2017 · 7e3d979 · 7e3d979
1 parent eb4ef92
commit 7e3d979
Showing 1 changed file with 3 additions and 2 deletions.
diff --git a/lib/ssl/src/ssl_connection.erl b/lib/ssl/src/ssl_connection.erl
@@ -673,10 +673,11 @@ cipher(internal, #certificate_verify{signature = Signature,
 	      tls_handshake_history = Handshake
 	     } = State0, Connection) ->
 
+    TLSVersion = ssl:tls_version(Version),
     %% Use negotiated value if TLS-1.2 otherwhise return default
-    HashSign = negotiated_hashsign(CertHashSign, KexAlg, PublicKeyInfo, Version),
+    HashSign = negotiated_hashsign(CertHashSign, KexAlg, PublicKeyInfo, TLSVersion),
     case ssl_handshake:certificate_verify(Signature, PublicKeyInfo,
-					  ssl:tls_version(Version), HashSign, MasterSecret, Handshake) of
+					  TLSVersion, HashSign, MasterSecret, Handshake) of
 	valid ->
 	    {Record, State} = Connection:next_record(State0),
 	    Connection:next_event(cipher, Record,