author | Hans Nilsson <[email protected]> | 2014-03-07 11:04:42 +0100 |
---|---|---|
committer | Hans Nilsson <[email protected]> | 2014-03-26 10:13:56 +0100 |
commit | 8c8999af805265704ce0a3029c85a33f4d42c145 (patch) | |
tree | 3ffc2f9fca6e27aea7eeb6d418be9ac63ffed0f7 /lib/public_key/src | |
parent | 9756dcd97cd819c9b2d64c35dd36550f99600e92 (diff) | |
ssl, pubkey: Code and test adjustments
Diffstat (limited to 'lib/public_key/src')
-rw-r--r-- | lib/public_key/src/pubkey_cert.erl | 7 | ||||
-rw-r--r-- | lib/public_key/src/pubkey_crl.erl | 39 |
2 files changed, 18 insertions, 28 deletions
diff --git a/lib/public_key/src/pubkey_cert.erl b/lib/public_key/src/pubkey_cert.erl
index 6272fae91b..ae517ca642 100644
--- a/lib/public_key/src/pubkey_cert.erl
+++ b/lib/public_key/src/pubkey_cert.erl
@@ -344,8 +344,11 @@ match_name(uniformResourceIdentifier, URI, [PermittedName | Rest]) ->
 incomplete ->
 false;
 {_, _, Host, _, _} ->
- match_name(fun is_valid_host_or_domain/2, Host,
- PermittedName, Rest)
+ PN = case split_uri(PermittedName) of
+ {_, _, PNhost, _, _} -> PNhost;
+ _X -> PermittedName
+ end,
+ match_name(fun is_valid_host_or_domain/2, Host, PN, Rest)
 end;
 match_name(emailAddress, Name, [PermittedName | Rest]) ->
diff --git a/lib/public_key/src/pubkey_crl.erl b/lib/public_key/src/pubkey_crl.erl
index 2d947058de..f0df4bc3f2 100644
--- a/lib/public_key/src/pubkey_crl.erl
+++ b/lib/public_key/src/pubkey_crl.erl
@@ -393,31 +393,28 @@ verify_dp_name(asn1_NOVALUE, _) ->
 ok;
 verify_dp_name(IDPNames, DPorIssuerNames) ->
- %% RFC 5280 section 5.2.5
- %% Check that at least one IssuingDistributionPointName in the CRL lines up
- %% with a DistributionPointName in the certificate.
- Matches = [X || X <- IDPNames, Y <- DPorIssuerNames, X == Y],
- case Matches of
- [] ->
- throw({bad_crl, scope_error});
- _ ->
- ok
+ case match_one(DPorIssuerNames, IDPNames) of
+ true ->
+ ok;
+ false ->
+ throw({bad_crl, scope_error})
 end.
 match_one([], _) ->
 false;
 match_one([{Type, Name} | Names], CandidateNames) ->
- Candidates = [NameName || {NameType, NameName} <- CandidateNames, NameType == Type],
+ Candidates = [NameName || {NameType, NameName} <- CandidateNames,
+ NameType == Type],
 case Candidates of
 [] ->
 false;
 [_|_] ->
- case pubkey_cert:match_name(Type, Name, Candidates) of
- true ->
- true;
- false ->
- match_one(Names, CandidateNames)
- end
+ case pubkey_cert:match_name(Type, Name, Candidates) of
+ true ->
+ true;
+ false ->
+ match_one(Names, CandidateNames)
+ end
 end.
 verify_dp_bools(TBSCert, IDP) ->
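Review bot: Reducing `PermittedName` to its host in the `uniformResourceIdentifier` clause means scheme, port and path of both URIs are ignored, so the clause now answers "same host or domain" rather than "same URI". That fits name constraints, but `pubkey_crl:match_one/2` in this same commit passes distribution-point names through `pubkey_cert:match_name/3`, and if those are URIs, two different CRL locations on one host would compare as equal and a CRL for another distribution point could be accepted as in scope. Consider a stricter comparison for the CRL caller, and at minimum document the behaviour here with `%% Only the host part is compared; scheme, port and path are ignored`. The `_X -> PermittedName` fallback would also read better as `incomplete -> PermittedName`, since `incomplete` is the only other `split_uri/1` result the surrounding case shows, and an unexpected return would then crash instead of being treated as a host. The clause begins above the hunk.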
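Review bot: `match_one/2` returns `false` as soon as the first name has no candidate of the same type (the unchanged `[] -> false;` branch), so the remaining `Names` are never tried. With `verify_dp_name/2` now routed through it, a CRL whose only matching name is not first in the list is rejected with `{bad_crl, scope_error}`. The branch should recurse instead: `[] -> match_one(Names, CandidateNames);`. The removed RFC 5280 section 5.2.5 comment is also worth keeping above the new `case`, reworded to say that matching is delegated to `pubkey_cert:match_name/3` rather than exact term equality, because that decides which CRLs count as in scope for a certificate.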
@@ -702,13 +699,3 @@ authority_key_identifier(Extensions) ->
 Enc = extension_value(?'id-ce-authorityKeyIdentifier',
 'AuthorityKeyIdentifier', Extensions),
 pubkey_cert_records:transform(Enc, decode).
-
-subject_alt_names(Extensions) ->
- Enc = extension_value(?'id-ce-subjectAltName',
- 'GeneralNames', Extensions),
- case Enc of
- undefined ->
- [];
- _ ->
- pubkey_cert_records:transform(Enc, decode)
- end.
|