aboutsummaryrefslogtreecommitdiffstats
path: root/lib/public_key/src
diff options
context:
space:
mode:
authorHans Nilsson <[email protected]>2014-03-07 11:04:42 +0100
committerHans Nilsson <[email protected]>2014-03-26 10:13:56 +0100
commit8c8999af805265704ce0a3029c85a33f4d42c145 (patch)
tree3ffc2f9fca6e27aea7eeb6d418be9ac63ffed0f7 /lib/public_key/src
parent9756dcd97cd819c9b2d64c35dd36550f99600e92 (diff)
downloadotp-8c8999af805265704ce0a3029c85a33f4d42c145.tar.gz
otp-8c8999af805265704ce0a3029c85a33f4d42c145.tar.bz2
otp-8c8999af805265704ce0a3029c85a33f4d42c145.zip
ssl, pubkey: Code and test adjustments
Diffstat (limited to 'lib/public_key/src')
-rw-r--r--lib/public_key/src/pubkey_cert.erl7
-rw-r--r--lib/public_key/src/pubkey_crl.erl39
2 files changed, 18 insertions, 28 deletions
diff --git a/lib/public_key/src/pubkey_cert.erl b/lib/public_key/src/pubkey_cert.erl
index 6272fae91b..ae517ca642 100644
--- a/lib/public_key/src/pubkey_cert.erl
+++ b/lib/public_key/src/pubkey_cert.erl
@@ -344,8 +344,11 @@ match_name(uniformResourceIdentifier, URI, [PermittedName | Rest]) ->
incomplete ->
false;
{_, _, Host, _, _} ->
- match_name(fun is_valid_host_or_domain/2, Host,
- PermittedName, Rest)
+ PN = case split_uri(PermittedName) of
+ {_, _, PNhost, _, _} -> PNhost;
+ _X -> PermittedName
+ end,
+ match_name(fun is_valid_host_or_domain/2, Host, PN, Rest)
end;
match_name(emailAddress, Name, [PermittedName | Rest]) ->
diff --git a/lib/public_key/src/pubkey_crl.erl b/lib/public_key/src/pubkey_crl.erl
index 2d947058de..f0df4bc3f2 100644
--- a/lib/public_key/src/pubkey_crl.erl
+++ b/lib/public_key/src/pubkey_crl.erl
@@ -393,31 +393,28 @@ verify_dp_name(asn1_NOVALUE, _) ->
ok;
verify_dp_name(IDPNames, DPorIssuerNames) ->
- %% RFC 5280 section 5.2.5
- %% Check that at least one IssuingDistributionPointName in the CRL lines up
- %% with a DistributionPointName in the certificate.
- Matches = [X || X <- IDPNames, Y <- DPorIssuerNames, X == Y],
- case Matches of
- [] ->
- throw({bad_crl, scope_error});
- _ ->
- ok
+ case match_one(DPorIssuerNames, IDPNames) of
+ true ->
+ ok;
+ false ->
+ throw({bad_crl, scope_error})
end.
match_one([], _) ->
false;
match_one([{Type, Name} | Names], CandidateNames) ->
- Candidates = [NameName || {NameType, NameName} <- CandidateNames, NameType == Type],
+ Candidates = [NameName || {NameType, NameName} <- CandidateNames,
+ NameType == Type],
case Candidates of
[] ->
false;
[_|_] ->
- case pubkey_cert:match_name(Type, Name, Candidates) of
- true ->
- true;
- false ->
- match_one(Names, CandidateNames)
- end
+ case pubkey_cert:match_name(Type, Name, Candidates) of
+ true ->
+ true;
+ false ->
+ match_one(Names, CandidateNames)
+ end
end.
verify_dp_bools(TBSCert, IDP) ->
@@ -702,13 +699,3 @@ authority_key_identifier(Extensions) ->
Enc = extension_value(?'id-ce-authorityKeyIdentifier',
'AuthorityKeyIdentifier', Extensions),
pubkey_cert_records:transform(Enc, decode).
-
-subject_alt_names(Extensions) ->
- Enc = extension_value(?'id-ce-subjectAltName',
- 'GeneralNames', Extensions),
- case Enc of
- undefined ->
- [];
- _ ->
- pubkey_cert_records:transform(Enc, decode)
- end.