aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorIngela Anderton Andin <[email protected]>2010-09-23 14:03:08 +0200
committerIngela Anderton Andin <[email protected]>2010-09-28 11:57:13 +0200
commitf5d3597bcaff3109f0b9b1bd8b5d661bb04bb1e4 (patch)
treeb9c1e19b7de6fceac8bba27e1705befa103d61dd
parent17224a3d31d25ce6daa4de63b52b26bee9564bcd (diff)
downloadotp-f5d3597bcaff3109f0b9b1bd8b5d661bb04bb1e4.tar.gz
otp-f5d3597bcaff3109f0b9b1bd8b5d661bb04bb1e4.tar.bz2
otp-f5d3597bcaff3109f0b9b1bd8b5d661bb04bb1e4.zip
Better handling of v1 and v2 certificates.
V1 and v2 certificates does not have any extensions so then validate_extensions should just accept that there are none and not end up in missing_basic_constraints clause.
-rw-r--r--lib/public_key/src/pubkey_cert.erl13
1 files changed, 9 insertions, 4 deletions
diff --git a/lib/public_key/src/pubkey_cert.erl b/lib/public_key/src/pubkey_cert.erl
index e704c168f1..f3e32617af 100644
--- a/lib/public_key/src/pubkey_cert.erl
+++ b/lib/public_key/src/pubkey_cert.erl
@@ -223,10 +223,15 @@ validate_revoked_status(_OtpCert, UserState, _VerifyFun) ->
%%--------------------------------------------------------------------
validate_extensions(OtpCert, ValidationState, UserState, VerifyFun) ->
TBSCert = OtpCert#'OTPCertificate'.tbsCertificate,
- Extensions = TBSCert#'OTPTBSCertificate'.extensions,
- validate_extensions(OtpCert, Extensions, ValidationState, no_basic_constraint,
- is_self_signed(OtpCert), UserState, VerifyFun).
-
+ case TBSCert#'OTPTBSCertificate'.version of
+ N when N >= 3 ->
+ Extensions = TBSCert#'OTPTBSCertificate'.extensions,
+ validate_extensions(OtpCert, Extensions,
+ ValidationState, no_basic_constraint,
+ is_self_signed(OtpCert), UserState, VerifyFun);
+ _ -> %% Extensions not present in versions 1 & 2
+ {ValidationState, UserState}
+ end.
%%--------------------------------------------------------------------
-spec normalize_general_name({rdnSequence, term()}) -> {rdnSequence, term()}.
%%