authorIngela Anderton Andin <[email protected]>2010-09-01 08:37:37 +0200
committerIngela Anderton Andin <[email protected]>2010-09-01 08:37:37 +0200
commit8537e5489707c8961c1a6f045f635b7a064f811c (patch)
treea74a43c10ba57dec0c03e5e42581fffa637ae140 /lib/public_key/src
parentd6559386aaf37419864885bcd6bf43a9af8480b7 (diff)
parenta6de8740405037bad55c09089f1d69c8c5511d6c (diff)
Merge branch 'ia/ssl-public_key-empty-cert-chain/OTP-8788' into dev
* ia/ssl-public_key-empty-cert-chain/OTP-8788: Empty certificate chain
Diffstat (limited to 'lib/public_key/src')
-rw-r--r--lib/public_key/src/public_key.erl18
1 files changed, 11 insertions, 7 deletions
diff --git a/lib/public_key/src/public_key.erl b/lib/public_key/src/public_key.erl
index 95c3d714d3..f9b992afd3 100644
--- a/lib/public_key/src/public_key.erl
+++ b/lib/public_key/src/public_key.erl
@@ -373,11 +373,9 @@ pkix_verify(DerCert, #'RSAPublicKey'{} = RSAKey)
pkix_is_issuer(Cert, IssuerCert) when is_binary(Cert) ->
OtpCert = pkix_decode_cert(Cert, otp),
pkix_is_issuer(OtpCert, IssuerCert);
-
pkix_is_issuer(Cert, IssuerCert) when is_binary(IssuerCert) ->
OtpIssuerCert = pkix_decode_cert(IssuerCert, otp),
pkix_is_issuer(Cert, OtpIssuerCert);
-
pkix_is_issuer(#'OTPCertificate'{tbsCertificate = TBSCert},
#'OTPCertificate'{tbsCertificate = Candidate}) ->
pubkey_cert:is_issuer(TBSCert#'OTPTBSCertificate'.issuer,
@@ -438,7 +436,7 @@ pkix_normalize_name(Issuer) ->
pubkey_cert:normalize_general_name(Issuer).
%%--------------------------------------------------------------------
--spec pkix_path_validation(der_encoded()| #'OTPCertificate'{},
+-spec pkix_path_validation(der_encoded()| #'OTPCertificate'{} | unknown_ca,
CertChain :: [der_encoded()] ,
Options :: list()) ->
{ok, {PublicKeyInfo :: term(),
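Review bot: The spec now admits `unknown_ca` as the first argument, but the `%% Description:` comment below it still says only that basic path validation is performed. It should say what the new value means, e.g. `%% With unknown_ca and {verify, false} the first chain certificate is used as the trusted certificate.`, and that `{bad_cert, unknown_ca}` is then recorded in `acc_errors`. Naming the parameter like its siblings, `TrustedCert :: der_encoded() | #'OTPCertificate'{} | unknown_ca`, would also make the spec read consistently. The spec continues past the end of this hunk.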
@@ -447,10 +445,16 @@ pkix_normalize_name(Issuer) ->
{error, {bad_cert, Reason :: term()}}.
%% Description: Performs a basic path validation according to RFC 5280.
%%--------------------------------------------------------------------
-pkix_path_validation(TrustedCert, CertChain, Options)
- when is_binary(TrustedCert) ->
- OtpCert = pkix_decode_cert(TrustedCert, otp),
- pkix_path_validation(OtpCert, CertChain, Options);
+pkix_path_validation(unknown_ca, [Cert | Chain], Options) ->
+ case proplists:get_value(verify, Options, true) of
+ true ->
+ {error, {bad_cert, unknown_ca}};
+ false ->
+ pkix_path_validation(Cert, Chain, [{acc_errors, [{bad_cert, unknown_ca}]}])
+ end;
+pkix_path_validation(TrustedCert, CertChain, Options) when
+ is_binary(TrustedCert) -> OtpCert = pkix_decode_cert(TrustedCert,
+ otp), pkix_path_validation(OtpCert, CertChain, Options);
pkix_path_validation(#'OTPCertificate'{} = TrustedCert, CertChain, Options)
when is_list(CertChain), is_list(Options) ->
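Review bot: The `false` branch of the new `unknown_ca` clause calls `pkix_path_validation(Cert, Chain, [{acc_errors, [{bad_cert, unknown_ca}]}])`, which replaces the caller's `Options` instead of extending them. Any option the later clauses read from that list, including `verify` itself (default `true` in this clause), would fall back to its default on the recursive call; those clause bodies lie outside the hunk, so this is inferred. Prepending keeps the caller's settings: `pkix_path_validation(Cert, Chain, [{acc_errors, [{bad_cert, unknown_ca}]} | Options])`. Separately, no visible clause matches `unknown_ca` with an empty chain, so that call would presumably raise `function_clause` rather than return `{error, {bad_cert, unknown_ca}}`.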