aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorIngela Anderton Andin <[email protected]>2016-06-09 10:50:49 +0200
committerIngela Anderton Andin <[email protected]>2016-06-09 10:50:49 +0200
commit38cdb3b5131257a8cc76b8f64e32b8ecf722bdb4 (patch)
treea482d316933d7f5b69e02eb859a465a4f268cac9
parent6c6cdb99b2f80630816089ad5f75d8a81266b5cc (diff)
parent20b3aa4dabab14ea1a653fb9f88c842edd0e2a69 (diff)
downloadotp-38cdb3b5131257a8cc76b8f64e32b8ecf722bdb4.tar.gz
otp-38cdb3b5131257a8cc76b8f64e32b8ecf722bdb4.tar.bz2
otp-38cdb3b5131257a8cc76b8f64e32b8ecf722bdb4.zip
Merge branch 'ingela/ssl/crl-find-issuer/OTP-13656'
* ingela/ssl/crl-find-issuer/OTP-13656: ssl: Propagate error so that public_key crl validation process continues correctly and determines what should happen.
-rw-r--r--lib/ssl/src/ssl_crl.erl16
1 files changed, 7 insertions, 9 deletions
diff --git a/lib/ssl/src/ssl_crl.erl b/lib/ssl/src/ssl_crl.erl
index faf5007b16..d9f21e04ac 100644
--- a/lib/ssl/src/ssl_crl.erl
+++ b/lib/ssl/src/ssl_crl.erl
@@ -39,13 +39,12 @@ trusted_cert_and_path(CRL, {SerialNumber, Issuer},{Db, DbRef} = DbHandle) ->
end;
trusted_cert_and_path(CRL, issuer_not_found, {Db, DbRef} = DbHandle) ->
- try find_issuer(CRL, DbHandle) of
- OtpCert ->
+ case find_issuer(CRL, DbHandle) of
+ {ok, OtpCert} ->
{ok, Root, Chain} = ssl_certificate:certificate_chain(OtpCert, Db, DbRef),
- {ok, Root, lists:reverse(Chain)}
- catch
- throw:_ ->
- {error, issuer_not_found}
+ {ok, Root, lists:reverse(Chain)};
+ {error, issuer_not_found} ->
+ {ok, unknown_crl_ca, []}
end.
find_issuer(CRL, {Db,_}) ->
@@ -61,11 +60,10 @@ find_issuer(CRL, {Db,_}) ->
issuer_not_found ->
{error, issuer_not_found}
catch
- {ok, IssuerCert} ->
- IssuerCert
+ {ok, _} = Result ->
+ Result
end.
-
verify_crl_issuer(CRL, ErlCertCandidate, Issuer, NotIssuer) ->
TBSCert = ErlCertCandidate#'OTPCertificate'.tbsCertificate,
case public_key:pkix_normalize_name(TBSCert#'OTPTBSCertificate'.subject) of