author | Loïc Hoguin <[email protected]> | 2017-10-25 16:05:55 +0100 |
---|---|---|
committer | Loïc Hoguin <[email protected]> | 2017-10-25 16:05:55 +0100 |
commit | 26003f9b9bf707df2b007d706e79fbb046bd9e4f (patch) | |
tree | d9b4670ee629200c90bff8343466d94e5545f170 | |
parent | e59b02e7cc3452ed6380e13e286fc69791080b85 (diff) | |
Add options to request client certificates in make_certs_in_ets
-rw-r--r-- | src/ct_helper.erl | 33 |
1 files changed, 31 insertions, 2 deletions
diff --git a/src/ct_helper.erl b/src/ct_helper.erl
index f1e44f8..92ac515 100644
--- a/src/ct_helper.erl
+++ b/src/ct_helper.erl
@@ -119,10 +119,39 @@ make_certs() ->
 {CaCert, Cert, {Asn1Type, Der}}.
 %% @doc Create a set of certificates and store them in an ets table.
+%%
+%% The verify options are there so that:
+%%
+%% - We retrieve client certificates when they are provided.
+%% - We accept self-signed certificates.
+%%
+%% They have no effect otherwise.
+
+%% Taken from http://erlang.org/doc/apps/public_key/public_key_records.html
+-record('Extension', {
+ extnID, % id_extensions() | oid()
+ critical, % boolean()
+ extnValue % der_encoded()
+}).
 make_certs_in_ets() ->
- {_, Cert, Key} = ct_helper:make_certs(),
- CertOpts = [{cert, Cert}, {key, Key}],
+ {CaCert, Cert, Key} = ct_helper:make_certs(),
+ VerifyFun = fun
+ (_, {bad_cert, _}, UserState) ->
+ {valid, UserState};
+ (_, {extension, #'Extension'{critical=true}}, UserState) ->
+ {valid, UserState};
+ (_, {extension, _}, UserState) ->
+ {unknown, UserState};
+ (_, valid, UserState) ->
+ {valid, UserState};
+ (_, valid_peer, UserState) ->
+ {valid, UserState}
+ end,
+ CertOpts = [
+ {cert, Cert}, {key, Key}, {cacerts, [CaCert]},
+ {verify, verify_peer}, {verify_fun, {VerifyFun, []}}
+ ],
 Pid = spawn(fun() -> receive after infinity -> ok end end), ?MODULE = ets:new(?MODULE, [ordered_set, public, named_table, {heir, Pid, undefined}]), |
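Review bot: The first `VerifyFun` clause, `(_, {bad_cert, _}, UserState) -> {valid, UserState};`, accepts every validation failure (expired, bad signature, unknown CA and so on), which is broader than the doc comment's stated intent of accepting self-signed certificates. The second clause likewise returns `valid` for a critical extension the verifier did not recognise. If the tests only need self-signed client certificates, narrow the match to `(_, {bad_cert, selfsigned_peer}, UserState) -> {valid, UserState};` followed by `(_, {bad_cert, _} = Reason, _) -> {fail, Reason};`. If the blanket acceptance is deliberate, state it in the doc comment, for example `%% Test use only: this verify_fun accepts any peer certificate and must not be reused for real listeners.` The body of make_certs_in_ets continues past the end of the hunk, so how `CertOpts` is consumed is not visible here.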