
ssl: Allow empty psk identity #9843

Open
ausimian wants to merge 1 commit into base: maint

Conversation

ausimian (Contributor)

Relax the psk_identity validation to allow the client to provide an empty string.


github-actions bot commented May 18, 2025

CT Test Results

    2 files     66 suites   48m 53s ⏱️
  814 tests   770 ✅  44 💤 0 ❌
3 910 runs  3 134 ✅ 776 💤 0 ❌

Results for commit 7036490.

♻️ This comment has been updated with latest results.

To speed up review, make sure that you have read Contributing to Erlang/OTP and that all checks pass.

See the TESTING and DEVELOPMENT HowTo guides for details about how to run test locally.

Artifacts

// Erlang/OTP Github Action Bot

ausimian (Contributor Author) commented May 18, 2025

For background, I'm attempting to connect to 'developer services' on iPhones running 17.0 <= iOS < 17.4. An SRP handshake establishes a session key which acts as the PSK for a TLSv1.2 service running on such devices. However the service expects that an empty PSK identity is passed, and rejects the connection otherwise.

To confirm, this still requires the client to explicitly provide the option:

{psk_identity, ""}

The default remains undefined if no such option is provided.
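
An added example, not part of the original comment or of the OTP code base: a client module that passes the empty identity explicitly, as the comment above describes. It assumes an ssl application that accepts the empty identity; the module name, the Host, Port and SessionKey arguments, the timeout, and the restriction to plain-PSK suites are assumptions.

```erlang
-module(empty_psk_client).
-export([connect/3, psk_lookup/3]).

%% Callback for the ssl user_lookup_fun option. For PSK suites ssl calls it
%% with the identity in use; the shared secret is carried in UserState.
psk_lookup(psk, _Identity, Secret) when is_binary(Secret) ->
    {ok, Secret};
psk_lookup(_, _, _) ->
    error.

%% Host, Port and SessionKey are assumptions supplied by the caller.
%% SessionKey stands for the key agreed in the earlier SRP exchange.
connect(Host, Port, SessionKey) when is_binary(SessionKey) ->
    {ok, _} = application:ensure_all_started(ssl),
    %% Assumption: offer only TLS 1.2 suites whose key exchange is plain PSK.
    PskSuites = ssl:filter_cipher_suites(
                  ssl:cipher_suites(all, 'tlsv1.2'),
                  [{key_exchange, fun(psk) -> true; (_) -> false end}]),
    Opts = [{versions, ['tlsv1.2']},
            {ciphers, PskSuites},
            %% Must be given explicitly; without it the default stays undefined.
            {psk_identity, ""},
            {user_lookup_fun, {fun ?MODULE:psk_lookup/3, SessionKey}},
            %% Plain PSK suites carry no server certificate to verify.
            {verify, verify_none}],
    %% 5000 ms connect timeout (assumed value).
    ssl:connect(Host, Port, Opts, 5000).
```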

@IngelaAndin IngelaAndin added the team:PS Assigned to OTP team PS label May 19, 2025
@IngelaAndin IngelaAndin self-assigned this May 20, 2025
Relax the psk_identity validation to allow the client to provide an
empty string.
@ausimian ausimian force-pushed the ssl/allow-empty-psk-identity branch from 7036490 to 85c093d May 26, 2025 06:11

ausimian (Contributor Author)

Dunno if I did the right thing, but I noticed there were merge conflicts against maint, I assume 28 or something got merged in there - anyway I redid the change to reflect some of the ssl re-org in 28. I'd personally like to see this change back-ported to 27 etc, as 27 is what we're running on rn and happy to submit fixes for that if it's a thing.

IngelaAndin (Contributor)

@ausimian When a new major OTP release is produced, what will happen is also that the maint branch will be changed to point to the new release and master will become the development branch for the next major release. We have not had time to handle your PR yet, but hope to have time to take a closer look soonish. If we decide to include it, you can make a branch based on the tag of the latest OTP-27 patch and we could piggyback it on some other OTP-27 patch build.
