aboutsummaryrefslogtreecommitdiffstats
path: root/lib/public_key/src
diff options
context:
space:
mode:
authorIngela Anderton Andin <[email protected]>2012-12-17 15:23:52 +0100
committerIngela Anderton Andin <[email protected]>2013-01-11 15:05:34 +0100
commit1c6aa8a70fb2041d1df3c1f4203d5fbb8a41e4fb (patch)
tree5fb29c828fc8e630c5bb3bbed285300cf741eea7 /lib/public_key/src
parentfecba72496777b330cc481257def6d534472149c (diff)
downloadotp-1c6aa8a70fb2041d1df3c1f4203d5fbb8a41e4fb.tar.gz
otp-1c6aa8a70fb2041d1df3c1f4203d5fbb8a41e4fb.tar.bz2
otp-1c6aa8a70fb2041d1df3c1f4203d5fbb8a41e4fb.zip
public_key: Document pkix_path_validation/3 and pkix_crls_validate/3
Diffstat (limited to 'lib/public_key/src')
-rw-r--r--lib/public_key/src/public_key.erl11
1 files changed, 10 insertions, 1 deletions
diff --git a/lib/public_key/src/public_key.erl b/lib/public_key/src/public_key.erl
index fa999c5ab9..5686920dd4 100644
--- a/lib/public_key/src/public_key.erl
+++ b/lib/public_key/src/public_key.erl
@@ -51,6 +51,8 @@
-type public_crypt_options() :: [{rsa_pad, rsa_padding()}].
-type rsa_digest_type() :: 'md5' | 'sha'| 'sha224' | 'sha256' | 'sha384' | 'sha512'.
-type dss_digest_type() :: 'none' | 'sha'. %% None is for backwards compatibility
+-type crl_reason() :: unspecified | keyCompromise | cACompromise | affiliationChanged | superseded
+ | cessationOfOperation | certificateHold | privilegeWithdrawn | aACompromise.
-define(UINT32(X), X:32/unsigned-big-integer).
-define(DER_NULL, <<5, 0>>).
@@ -507,7 +509,7 @@ pkix_normalize_name(Issuer) ->
%%--------------------------------------------------------------------
-spec pkix_path_validation(Cert::binary()| #'OTPCertificate'{} | atom(),
CertChain :: [binary()] ,
- Options :: list()) ->
+ Options :: proplist:proplist()) ->
{ok, {PublicKeyInfo :: term(),
PolicyTree :: term()}} |
{error, {bad_cert, Reason :: term()}}.
@@ -542,7 +544,14 @@ pkix_path_validation(#'OTPCertificate'{} = TrustedCert, CertChain, Options)
Options),
path_validation(CertChain, ValidationState).
+%--------------------------------------------------------------------
+-spec pkix_crls_validate(#'OTPCertificate'{},
+ [{DP::#'DistributionPoint'{} ,CRL::#'CertificateList'{}}],
+ Options :: proplist:proplist()) -> valid | {bad_cert, revocation_status_undetermined}
+ | {bad_cert, {revoked, crl_reason()}}.
+%% Description: Performs a basic path validation according to RFC 5280.
+%%--------------------------------------------------------------------
pkix_crls_validate(OtpCert, [{_,_,_} |_] = DPAndCRLs, Options) ->
pkix_crls_validate(OtpCert, DPAndCRLs, DPAndCRLs,
Options, pubkey_crl:init_revokation_state());