diff options
author | Andrew Thompson <[email protected]> | 2014-02-08 00:58:11 -0500 |
---|---|---|
committer | Hans Nilsson <[email protected]> | 2014-03-26 10:13:55 +0100 |
commit | 9756dcd97cd819c9b2d64c35dd36550f99600e92 (patch) | |
tree | 1f7a8f1eabe71993442963c4530e8c96579ccb06 /lib/public_key/src | |
parent | 8991663e33313233fed9cb7b0149baec1aa32b3f (diff) | |
download | otp-9756dcd97cd819c9b2d64c35dd36550f99600e92.tar.gz otp-9756dcd97cd819c9b2d64c35dd36550f99600e92.tar.bz2 otp-9756dcd97cd819c9b2d64c35dd36550f99600e92.zip |
Rework IDP validation according to the RFC, fix public_key tests
Diffstat (limited to 'lib/public_key/src')
-rw-r--r-- | lib/public_key/src/pubkey_cert.erl | 4 | ||||
-rw-r--r-- | lib/public_key/src/pubkey_crl.erl | 14 |
2 files changed, 11 insertions, 7 deletions
diff --git a/lib/public_key/src/pubkey_cert.erl b/lib/public_key/src/pubkey_cert.erl index 07469e342f..6272fae91b 100644 --- a/lib/public_key/src/pubkey_cert.erl +++ b/lib/public_key/src/pubkey_cert.erl @@ -343,8 +343,8 @@ match_name(uniformResourceIdentifier, URI, [PermittedName | Rest]) -> case split_uri(URI) of incomplete -> false; - {_, _, _Host, _, _} -> - match_name(fun is_valid_host_or_domain/2, URI, + {_, _, Host, _, _} -> + match_name(fun is_valid_host_or_domain/2, Host, PermittedName, Rest) end; diff --git a/lib/public_key/src/pubkey_crl.erl b/lib/public_key/src/pubkey_crl.erl index 503d0205a6..2d947058de 100644 --- a/lib/public_key/src/pubkey_crl.erl +++ b/lib/public_key/src/pubkey_crl.erl @@ -393,11 +393,15 @@ verify_dp_name(asn1_NOVALUE, _) -> ok; verify_dp_name(IDPNames, DPorIssuerNames) -> - case match_one(DPorIssuerNames, IDPNames) of - true -> - ok; - false -> - throw({bad_crl, scope_error}) + %% RFC 5280 section 5.2.5 + %% Check that at least one IssuingDistributionPointName in the CRL lines up + %% with a DistributionPointName in the certificate. + Matches = [X || X <- IDPNames, Y <- DPorIssuerNames, X == Y], + case Matches of + [] -> + throw({bad_crl, scope_error}); + _ -> + ok end. match_one([], _) -> |