diff options
author | Ingela Anderton Andin <[email protected]> | 2012-12-17 15:23:52 +0100 |
---|---|---|
committer | Ingela Anderton Andin <[email protected]> | 2013-01-11 15:05:34 +0100 |
commit | 1c6aa8a70fb2041d1df3c1f4203d5fbb8a41e4fb (patch) | |
tree | 5fb29c828fc8e630c5bb3bbed285300cf741eea7 /lib/public_key/src | |
parent | fecba72496777b330cc481257def6d534472149c (diff) | |
download | otp-1c6aa8a70fb2041d1df3c1f4203d5fbb8a41e4fb.tar.gz otp-1c6aa8a70fb2041d1df3c1f4203d5fbb8a41e4fb.tar.bz2 otp-1c6aa8a70fb2041d1df3c1f4203d5fbb8a41e4fb.zip |
public_key: Document pkix_path_validation/3 and pkix_crls_validate/3
Diffstat (limited to 'lib/public_key/src')
-rw-r--r-- | lib/public_key/src/public_key.erl | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/lib/public_key/src/public_key.erl b/lib/public_key/src/public_key.erl index fa999c5ab9..5686920dd4 100644 --- a/lib/public_key/src/public_key.erl +++ b/lib/public_key/src/public_key.erl @@ -51,6 +51,8 @@ -type public_crypt_options() :: [{rsa_pad, rsa_padding()}]. -type rsa_digest_type() :: 'md5' | 'sha'| 'sha224' | 'sha256' | 'sha384' | 'sha512'. -type dss_digest_type() :: 'none' | 'sha'. %% None is for backwards compatibility +-type crl_reason() :: unspecified | keyCompromise | cACompromise | affiliationChanged | superseded + | cessationOfOperation | certificateHold | privilegeWithdrawn | aACompromise. -define(UINT32(X), X:32/unsigned-big-integer). -define(DER_NULL, <<5, 0>>). @@ -507,7 +509,7 @@ pkix_normalize_name(Issuer) -> %%-------------------------------------------------------------------- -spec pkix_path_validation(Cert::binary()| #'OTPCertificate'{} | atom(), CertChain :: [binary()] , - Options :: list()) -> + Options :: proplist:proplist()) -> {ok, {PublicKeyInfo :: term(), PolicyTree :: term()}} | {error, {bad_cert, Reason :: term()}}. @@ -542,7 +544,14 @@ pkix_path_validation(#'OTPCertificate'{} = TrustedCert, CertChain, Options) Options), path_validation(CertChain, ValidationState). +%-------------------------------------------------------------------- +-spec pkix_crls_validate(#'OTPCertificate'{}, + [{DP::#'DistributionPoint'{} ,CRL::#'CertificateList'{}}], + Options :: proplist:proplist()) -> valid | {bad_cert, revocation_status_undetermined} + | {bad_cert, {revoked, crl_reason()}}. +%% Description: Performs a basic path validation according to RFC 5280. +%%-------------------------------------------------------------------- pkix_crls_validate(OtpCert, [{_,_,_} |_] = DPAndCRLs, Options) -> pkix_crls_validate(OtpCert, DPAndCRLs, DPAndCRLs, Options, pubkey_crl:init_revokation_state()); |