aboutsummaryrefslogtreecommitdiffstats
path: root/lib/public_key/src
diff options
context:
space:
mode:
authorIngela Anderton Andin <[email protected]>2010-10-01 11:39:30 +0200
committerIngela Anderton Andin <[email protected]>2010-10-01 11:39:30 +0200
commit132e46f29297ab3de25b33bd52ddbad078900276 (patch)
treef9241b069e803936f80f5d90ec06a9a5ac946e55 /lib/public_key/src
parent800a07c5a386a79465ad33e5015ba20bad2ccc62 (diff)
parent9c6842dbbe45bdf1568f165cc135257c4addbe0e (diff)
downloadotp-132e46f29297ab3de25b33bd52ddbad078900276.tar.gz
otp-132e46f29297ab3de25b33bd52ddbad078900276.tar.bz2
otp-132e46f29297ab3de25b33bd52ddbad078900276.zip
Merge branch 'maint-r14' into dev
Conflicts: lib/public_key/src/pubkey_cert.erl
Diffstat (limited to 'lib/public_key/src')
-rw-r--r--lib/public_key/src/pubkey_cert.erl4
-rw-r--r--lib/public_key/src/public_key.appup.src4
-rw-r--r--lib/public_key/src/public_key.erl11
3 files changed, 13 insertions, 6 deletions
diff --git a/lib/public_key/src/pubkey_cert.erl b/lib/public_key/src/pubkey_cert.erl
index ac59b6313d..c467e24741 100644
--- a/lib/public_key/src/pubkey_cert.erl
+++ b/lib/public_key/src/pubkey_cert.erl
@@ -295,8 +295,8 @@ is_fixed_dh_cert(#'OTPCertificate'{tbsCertificate =
%%--------------------------------------------------------------------
--spec verify_fun(#'OTPCertificate'{}, {bad_cert, atom()} | {extension, #'Extension'{}}|
- valid, term(), fun()) -> term().
+-spec verify_fun(#'OTPTBSCertificate'{}, {bad_cert, atom()} | {extension, #'Extension'{}}|
+ valid | valid_peer, term(), fun()) -> term().
%%
%% Description: Gives the user application the opportunity handle path
%% validation errors and unknown extensions and optional do other
diff --git a/lib/public_key/src/public_key.appup.src b/lib/public_key/src/public_key.appup.src
index adc50d1d45..0f9f62d2f6 100644
--- a/lib/public_key/src/public_key.appup.src
+++ b/lib/public_key/src/public_key.appup.src
@@ -6,7 +6,7 @@
{update, 'OTP-PUB-KEY', soft, soft_purge, soft_purge, []},
{update, public_key, soft, soft_purge, soft_purge, []},
{update, pubkey_pem, soft, soft_purge, soft_purge, []},
- {update, pubkey_cert_records, soft, soft_purge, soft_purge, []}
+ {update, pubkey_cert_records, soft, soft_purge, soft_purge, []},
{update, pubkey_cert, soft, soft_purge, soft_purge, []}
]
}
@@ -17,7 +17,7 @@
{update, 'OTP-PUB-KEY', soft, soft_purge, soft_purge, []},
{update, public_key, soft, soft_purge, soft_purge, []},
{update, pubkey_pem, soft, soft_purge, soft_purge, []},
- {update, pubkey_cert_records, soft, soft_purge, soft_purge, []}
+ {update, pubkey_cert_records, soft, soft_purge, soft_purge, []},
{update, pubkey_cert, soft, soft_purge, soft_purge, []}
]
}
diff --git a/lib/public_key/src/public_key.erl b/lib/public_key/src/public_key.erl
index aa3018bd2d..095a6ff0e0 100644
--- a/lib/public_key/src/public_key.erl
+++ b/lib/public_key/src/public_key.erl
@@ -556,9 +556,16 @@ validate(DerCert, #path_validation_state{working_issuer_name = Issuer,
%% We want the key_usage extension to be checked before we validate
%% the signature.
- UserState0 = pubkey_cert:validate_signature(OtpCert, DerCert,
+ UserState6 = pubkey_cert:validate_signature(OtpCert, DerCert,
Key, KeyParams, UserState5, VerifyFun),
- UserState = pubkey_cert:verify_fun(OtpCert, valid, UserState0, VerifyFun),
+ UserState = case Last of
+ false ->
+ pubkey_cert:verify_fun(OtpCert, valid, UserState6, VerifyFun);
+ true ->
+ pubkey_cert:verify_fun(OtpCert, valid_peer,
+ UserState6, VerifyFun)
+ end,
+
ValidationState =
ValidationState1#path_validation_state{user_state = UserState},