authorLoïc Hoguin <[email protected]>2017-10-25 16:05:55 +0100
committerLoïc Hoguin <[email protected]>2017-10-25 16:05:55 +0100
commit26003f9b9bf707df2b007d706e79fbb046bd9e4f (patch)
treed9b4670ee629200c90bff8343466d94e5545f170
parente59b02e7cc3452ed6380e13e286fc69791080b85 (diff)
Add options to request client certificates in make_certs_in_ets
-rw-r--r--src/ct_helper.erl33
1 files changed, 31 insertions, 2 deletions
diff --git a/src/ct_helper.erl b/src/ct_helper.erl
index f1e44f8..92ac515 100644
--- a/src/ct_helper.erl
+++ b/src/ct_helper.erl
@@ -119,10 +119,39 @@ make_certs() ->
{CaCert, Cert, {Asn1Type, Der}}.
%% @doc Create a set of certificates and store them in an ets table.
+%%
+%% The verify options are there so that:
+%%
+%% - We retrieve client certificates when they are provided.
+%% - We accept self-signed certificates.
+%%
+%% They have no effect otherwise.
+
+%% Taken from http://erlang.org/doc/apps/public_key/public_key_records.html
+-record('Extension', {
+ extnID, % id_extensions() | oid()
+ critical, % boolean()
+ extnValue % der_encoded()
+}).
make_certs_in_ets() ->
- {_, Cert, Key} = ct_helper:make_certs(),
- CertOpts = [{cert, Cert}, {key, Key}],
+ {CaCert, Cert, Key} = ct_helper:make_certs(),
+ VerifyFun = fun
+ (_, {bad_cert, _}, UserState) ->
+ {valid, UserState};
+ (_, {extension, #'Extension'{critical=true}}, UserState) ->
+ {valid, UserState};
+ (_, {extension, _}, UserState) ->
+ {unknown, UserState};
+ (_, valid, UserState) ->
+ {valid, UserState};
+ (_, valid_peer, UserState) ->
+ {valid, UserState}
+ end,
+ CertOpts = [
+ {cert, Cert}, {key, Key}, {cacerts, [CaCert]},
+ {verify, verify_peer}, {verify_fun, {VerifyFun, []}}
+ ],
Pid = spawn(fun() -> receive after infinity -> ok end end),
?MODULE = ets:new(?MODULE, [ordered_set, public, named_table,
{heir, Pid, undefined}]),
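Review bot: The `{bad_cert, _}` clause of `VerifyFun` returns `{valid, UserState}` for every failure reason, so with these options an expired certificate, a bad signature or an unknown CA is accepted too, while the added comment only promises self-signed certificates; the critical-extension clause likewise accepts extensions the validator did not recognise. If only self-signed peers are meant, match `(_, {bad_cert, selfsigned_peer}, UserState) ->` and let the rest fail with `(_, {bad_cert, _} = Reason, _) -> {fail, Reason};`; otherwise the comment should state the real scope, e.g. `%% Test use only: every certificate validation failure is accepted.` The `-record('Extension', ...)` now sits between the `@doc` comment and `make_certs_in_ets/0`, which probably detaches the doc from the function, so moving the record above the comment would be safer. The function body continues past the end of the hunk.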