Merge branch 'ia/ssl-and-public_key/verify_fun_peer_awarness/OTP-8873' into maint-r14

* ia/ssl-and-public_key/verify_fun_peer_awarness/OTP-8873:
  Peer awarness

1 files changed, 9 insertions, 2 deletions

diff --git a/lib/public_key/src/public_key.erl b/lib/public_key/src/public_key.erl
index 902e9ad3c0..d514b9a3aa 100644
--- a/lib/public_key/src/public_key.erl
+++ b/lib/public_key/src/public_key.erl
@@ -557,9 +557,16 @@ validate(DerCert, #path_validation_state{working_issuer_name = Issuer,
 
     %% We want the key_usage extension to be checked before we validate
     %% the signature. 
-    UserState0 = pubkey_cert:validate_signature(OtpCert, DerCert,
+    UserState6 = pubkey_cert:validate_signature(OtpCert, DerCert,
 						Key, KeyParams, UserState5, VerifyFun),
-    UserState = pubkey_cert:verify_fun(OtpCert, valid, UserState0, VerifyFun),
+    UserState = case Last of
+		    false ->
+			pubkey_cert:verify_fun(OtpCert, valid, UserState6, VerifyFun);
+		    true ->
+			pubkey_cert:verify_fun(OtpCert, valid_peer,
+					       UserState6, VerifyFun)
+		end,
+
     ValidationState  = 
 	ValidationState1#path_validation_state{user_state = UserState},