path: root/lib/ssl/src/dtls_connection.erl
Diffstat (limited to 'lib/ssl/src/dtls_connection.erl')
-rw-r--r--lib/ssl/src/dtls_connection.erl83
1 files changed, 45 insertions, 38 deletions
diff --git a/lib/ssl/src/dtls_connection.erl b/lib/ssl/src/dtls_connection.erl
index 08229d8bb5..899e7d3305 100644
--- a/lib/ssl/src/dtls_connection.erl
+++ b/lib/ssl/src/dtls_connection.erl
@@ -88,7 +88,7 @@
%% | Abbrev Flight 1 to Abbrev Flight 2 part 1
%% |
%% New session | Resumed session
-%% WAIT_OCSP_STAPELING CERTIFY <----------------------------------> ABBRIVIATED
+%% WAIT_OCSP_STAPLING CERTIFY <----------------------------------> ABBREVIATED
%%
%% <- Possibly Receive -- | |
%% OCSP Stapel ------> | Send/ Recv Flight 5 |
@@ -155,17 +155,20 @@
code_change/4,
format_status/2]).
+%% Tracing
+-export([handle_trace/3]).
+
%%====================================================================
%% Internal application API
-%%====================================================================
+%%====================================================================
%%====================================================================
%% Setup
-%%====================================================================
+%%====================================================================
init([Role, Host, Port, Socket, Options, User, CbInfo]) ->
process_flag(trap_exit, true),
State0 = initial_state(Role, Host, Port, Socket, Options, User, CbInfo),
try
- State = ssl_gen_statem:ssl_config(State0#state.ssl_options,
+ State = ssl_gen_statem:init_ssl_config(State0#state.ssl_options,
Role, State0),
gen_statem:enter_loop(?MODULE, [], initial_hello, State)
catch
@@ -175,8 +178,8 @@ init([Role, Host, Port, Socket, Options, User, CbInfo]) ->
gen_statem:enter_loop(?MODULE, [], config_error, EState)
end.
%%====================================================================
-%% Handshake
-%%====================================================================
+%% Handshake
+%%====================================================================
renegotiate(#state{static_env = #static_env{role = client}} = State0, Actions) ->
%% Handle same way as if server requested
%% the renegotiation
@@ -191,7 +194,7 @@ renegotiate(#state{static_env = #static_env{role = server}} = State0, Actions) -
dtls_gen_connection:next_event(hello, no_record, State, Actions ++ MoreActions).
%%--------------------------------------------------------------------
-%% State functions
+%% State functions
%%--------------------------------------------------------------------
%%--------------------------------------------------------------------
-spec initial_hello(gen_statem:event_type(),
@@ -199,7 +202,7 @@ renegotiate(#state{static_env = #static_env{role = server}} = State0, Actions) -
gen_statem:state_function_result().
%%--------------------------------------------------------------------
initial_hello(enter, _, State) ->
- {keep_state, State};
+ {keep_state, State};
initial_hello({call, From}, {start, Timeout},
#state{static_env = #static_env{host = Host,
port = Port,
@@ -297,34 +300,32 @@ hello(internal, #client_hello{cookie = <<>>,
catch throw:#alert{} = Alert ->
alert_or_reset_connection(Alert, ?FUNCTION_NAME, State0)
end;
-hello(internal, #hello_verify_request{cookie = Cookie},
+hello(internal, #hello_verify_request{cookie = Cookie},
#state{static_env = #static_env{role = client,
host = Host,
port = Port},
handshake_env = #handshake_env{renegotiation = {Renegotiation, _},
ocsp_stapling_state = OcspState0} = HsEnv,
connection_env = CEnv,
- ssl_options = #{ocsp_stapling := OcspStaplingOpt,
- ocsp_nonce := OcspNonceOpt} = SslOpts,
+ ssl_options = SslOpts,
session = #session{session_id = Id},
connection_states = ConnectionStates0,
protocol_specific = PS
} = State0) ->
- OcspNonce = tls_handshake:ocsp_nonce(OcspNonceOpt, OcspStaplingOpt),
+ OcspNonce = tls_handshake:ocsp_nonce(SslOpts),
Hello = dtls_handshake:client_hello(Host, Port, Cookie, ConnectionStates0,
SslOpts, Id, Renegotiation, OcspNonce),
Version = Hello#client_hello.client_version,
- State1 = prepare_flight(State0#state{handshake_env =
- HsEnv#handshake_env{tls_handshake_history
- = ssl_handshake:init_handshake_history(),
- ocsp_stapling_state =
- OcspState0#{ocsp_nonce => OcspNonce}}}),
-
- {State2, Actions} = dtls_gen_connection:send_handshake(Hello, State1),
-
- State = State2#state{connection_env = CEnv#connection_env{negotiated_version = Version}, % RequestedVersion
- protocol_specific = PS#{current_cookie_secret => Cookie}
- },
+ State1 =
+ prepare_flight(
+ State0#state{handshake_env =
+ HsEnv#handshake_env{
+ tls_handshake_history = ssl_handshake:init_handshake_history(),
+ ocsp_stapling_state = OcspState0#{ocsp_nonce => OcspNonce}}}),
+ {State2, Actions} = dtls_gen_connection:send_handshake(Hello, State1),
+ State = State2#state{connection_env =
+ CEnv#connection_env{negotiated_version = Version}, % RequestedVersion
+ protocol_specific = PS#{current_cookie_secret => Cookie}},
dtls_gen_connection:next_event(?FUNCTION_NAME, no_record, State, Actions);
hello(internal, #client_hello{extensions = Extensions} = Hello,
#state{handshake_env = #handshake_env{continue_status = pause},
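Review bot: The trailing `% RequestedVersion` tag kept on the `negotiated_version = Version` assignment in this clause is too terse to explain why the client's own offered version is stored in a field named negotiated_version before any ServerHello has been seen. Since `Version` is taken from `Hello#client_hello.client_version` a few lines above, a proper comment would make the intent readable, e.g. `%% No ServerHello yet: keep the version offered in our ClientHello here until the real negotiated version is known`. The rest of the hello_verify_request handling is a pure reformat and reads fine.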
@@ -372,11 +373,11 @@ hello(internal, #server_hello{} = Hello,
try
{Version, NewId, ConnectionStates, ProtoExt, Protocol, OcspState} =
dtls_handshake:hello(Hello, SslOptions, ConnectionStates0, Renegotiation, OldId),
- tls_dtls_connection:handle_session(Hello,
- Version, NewId, ConnectionStates, ProtoExt, Protocol,
- State#state{handshake_env =
- HsEnv#handshake_env{
- ocsp_stapling_state = maps:merge(OcspState0,OcspState)}})
+ tls_dtls_connection:handle_session(
+ Hello, Version, NewId, ConnectionStates, ProtoExt, Protocol,
+ State#state{handshake_env =
+ HsEnv#handshake_env{
+ ocsp_stapling_state = maps:merge(OcspState0,OcspState)}})
catch throw:#alert{} = Alert ->
ssl_gen_statem:handle_own_alert(Alert, ?FUNCTION_NAME, State)
end;
@@ -478,10 +479,7 @@ wait_cert_verify(info, Event, State) ->
wait_cert_verify(state_timeout, Event, State) ->
handle_state_timeout(Event, ?FUNCTION_NAME, State);
wait_cert_verify(Type, Event, State) ->
- try tls_dtls_connection:gen_handshake(?FUNCTION_NAME, Type, Event, State)
- catch throw:#alert{} = Alert ->
- ssl_gen_statem:handle_own_alert(Alert, ?FUNCTION_NAME, State)
- end.
+ gen_handshake(?FUNCTION_NAME, Type, Event, State).
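Review bot: Routing wait_cert_verify through gen_handshake/4 changes more than the error handling, because the new first clause of gen_handshake added later in this commit (`gen_handshake(_, {call, _From}, {application_data, _Data}, _State) -> {keep_state_and_data, [postpone]};`) now postpones application_data calls in this state instead of passing them to tls_dtls_connection:wait_cert_verify as the removed try/catch did; if that is intended, it should be stated. A comment on that new clause would make the behaviour explicit, e.g. `%% Application data can not be sent before the handshake is done; postpone the call so it is replayed after the next state change.` gen_handshake's second clause continues past the end of its hunk.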
%%--------------------------------------------------------------------
-spec cipher(gen_statem:event_type(), term(), #state{}) ->
@@ -505,7 +503,7 @@ cipher(internal = Type, #finished{} = Event, #state{connection_states = Connecti
cipher(state_timeout, Event, State) ->
handle_state_timeout(Event, ?FUNCTION_NAME, State);
cipher(Type, Event, State) ->
- gen_handshake(?FUNCTION_NAME, Type, Event, State).
+ gen_handshake(?FUNCTION_NAME, Type, Event, State).
%%--------------------------------------------------------------------
-spec connection(gen_statem:event_type(),
@@ -654,7 +652,7 @@ format_status(Type, Data) ->
%%% Internal functions
%%--------------------------------------------------------------------
initial_state(Role, Host, Port, Socket,
- {#{client_renegotiation := ClientRenegotiation} = SSLOptions, SocketOptions, Trackers}, User,
+ {SSLOptions, SocketOptions, Trackers}, User,
{CbModule, DataTag, CloseTag, ErrorTag, PassiveTag}) ->
put(log_level, maps:get(log_level, SSLOptions)),
BeastMitigation = maps:get(beast_mitigation, SSLOptions, disabled),
@@ -681,13 +679,11 @@ initial_state(Role, Host, Port, Socket,
handshake_env = #handshake_env{
tls_handshake_history = ssl_handshake:init_handshake_history(),
renegotiation = {false, first},
- allow_renegotiate = ClientRenegotiation
+ allow_renegotiate = maps:get(client_renegotiation, SSLOptions, undefined)
},
connection_env = #connection_env{user_application = {Monitor, User}},
socket_options = SocketOptions,
- %% We do not want to save the password in the state so that
- %% could be written in the clear into error logs.
- ssl_options = SSLOptions#{password => undefined},
+ ssl_options = SSLOptions,
session = #session{is_resumable = false},
connection_states = ConnectionStates,
protocol_buffers = #protocol_buffers{},
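Review bot: Dropping `ssl_options = SSLOptions#{password => undefined}` together with its comment means the state built here now retains whatever password the options carry, so crash reports, `sys:get_state/1` output and `format_status/2` (unless it already redacts ssl_options) could write it in the clear. If the scrubbing has moved into `ssl_gen_statem:init_ssl_config/3`, which init/1 now calls, a one-line comment here would keep that visible, e.g. `%% password is removed from ssl_options in ssl_gen_statem:init_ssl_config/3 before the state is entered`. The replacement `maps:get(client_renegotiation, SSLOptions, undefined)` also turns a previously required key into an optional one whose fallback `undefined` is not a boolean; if allow_renegotiate is only ever compared against true/false, `false` would be the safer default. initial_state begins in the previous hunk and its record construction continues past this one.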
@@ -762,6 +758,8 @@ alert_or_reset_connection(Alert, StateName, #state{connection_states = Cs} = Sta
{next_state, connection, NewState}
end.
+gen_handshake(_, {call, _From}, {application_data, _Data}, _State) ->
+ {keep_state_and_data, [postpone]};
gen_handshake(StateName, Type, Event, State) ->
try tls_dtls_connection:StateName(Type, Event, State)
catch
@@ -877,3 +875,12 @@ is_time_to_renegotiate(N, M) when N < M->
is_time_to_renegotiate(_,_) ->
true.
+%%%################################################################
+%%%#
+%%%# Tracing
+%%%#
+handle_trace(hbn,
+ {call, {?MODULE, connection,
+ [_Type = info, Event, _State]}},
+ Stack) ->
+ {io_lib:format("Type = info Event = ~W ", [Event, 10]), Stack}.
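Review bot: handle_trace/3 is newly exported but carries no -spec and no comment, and it has a single clause, so any call with another key or call shape fails with function_clause; if the trace facility only ever calls it with `hbn` and `{call, {?MODULE, connection, [info, _, _]}}` that is fine, but it should be documented. Add a short doc comment and a spec, e.g. `%% Called by the ssl trace facility for the hbn key; formats a connection/3 info event for trace output.` and `-spec handle_trace(atom(), term(), term()) -> {io_lib:chars(), term()}.`. Note that `Event` is printed with `~W` to depth 10, so the trace line will contain the content of whatever info message reached connection/3, which may include received socket data; that is worth stating in the comment so trace logs are handled accordingly.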