Merge branch 'ia/ssl-and-public_key/verify_fun_peer_awarness/OTP-8873' into maint-r14

* ia/ssl-and-public_key/verify_fun_peer_awarness/OTP-8873: Peer awarness
author: Erlang/OTP <[email protected]> 2010-09-29 08:44:06 +0200
committer: Erlang/OTP <[email protected]> 2010-09-29 08:44:06 +0200
commit: 2d4a7d86f97aec54b8d0544bfd25d833e4d7420a (patch)
tree: 2edea48b407f72f2d1346c15cbaf9261ad9ff3f8 /lib/public_key/src
parent: 8314712874d13fc22291d7f8187f04469b11527f (diff)
parent: e501709bec61bf8813cab741b0e39c211c73c89e (diff)
download: otp-2d4a7d86f97aec54b8d0544bfd25d833e4d7420a.tar.gz
otp-2d4a7d86f97aec54b8d0544bfd25d833e4d7420a.tar.bz2
otp-2d4a7d86f97aec54b8d0544bfd25d833e4d7420a.zip
3 files changed, 12 insertions, 5 deletions
diff --git a/lib/public_key/src/pubkey_cert.erl b/lib/public_key/src/pubkey_cert.erl
index f3e32617af..570f44e530 100644
--- a/lib/public_key/src/pubkey_cert.erl
+++ b/lib/public_key/src/pubkey_cert.erl
@@ -296,7 +296,7 @@ is_fixed_dh_cert(#'OTPCertificate'{tbsCertificate =
 
 %%--------------------------------------------------------------------
 -spec verify_fun(#'OTPTBSCertificate'{}, {bad_cert, atom()} | {extension, #'Extension'{}}|
-		 valid, term(), fun()) -> term().
+		 valid | valid_peer, term(), fun()) -> term().
 %%
 %% Description: Gives the user application the opportunity handle path
 %% validation errors and unknown extensions and optional do other
diff --git a/lib/public_key/src/public_key.appup.src b/lib/public_key/src/public_key.appup.src
index adc50d1d45..0f9f62d2f6 100644
--- a/lib/public_key/src/public_key.appup.src
+++ b/lib/public_key/src/public_key.appup.src
@@ -6,7 +6,7 @@
     {update, 'OTP-PUB-KEY', soft, soft_purge, soft_purge, []},
     {update, public_key, soft, soft_purge, soft_purge, []},
     {update, pubkey_pem, soft, soft_purge, soft_purge, []},
-    {update, pubkey_cert_records, soft, soft_purge, soft_purge, []}
+    {update, pubkey_cert_records, soft, soft_purge, soft_purge, []},
     {update, pubkey_cert, soft, soft_purge, soft_purge, []}
    ]
   }
@@ -17,7 +17,7 @@
     {update, 'OTP-PUB-KEY', soft, soft_purge, soft_purge, []},
     {update, public_key, soft, soft_purge, soft_purge, []},
     {update, pubkey_pem, soft, soft_purge, soft_purge, []},
-    {update, pubkey_cert_records, soft, soft_purge, soft_purge, []}
+    {update, pubkey_cert_records, soft, soft_purge, soft_purge, []},
     {update, pubkey_cert, soft, soft_purge, soft_purge, []}
    ]
    }
diff --git a/lib/public_key/src/public_key.erl b/lib/public_key/src/public_key.erl
index 902e9ad3c0..d514b9a3aa 100644
--- a/lib/public_key/src/public_key.erl
+++ b/lib/public_key/src/public_key.erl
@@ -557,9 +557,16 @@ validate(DerCert, #path_validation_state{working_issuer_name = Issuer,
 
     %% We want the key_usage extension to be checked before we validate
     %% the signature. 
-    UserState0 = pubkey_cert:validate_signature(OtpCert, DerCert,
+    UserState6 = pubkey_cert:validate_signature(OtpCert, DerCert,
 						Key, KeyParams, UserState5, VerifyFun),
-    UserState = pubkey_cert:verify_fun(OtpCert, valid, UserState0, VerifyFun),
+    UserState = case Last of
+		    false ->
+			pubkey_cert:verify_fun(OtpCert, valid, UserState6, VerifyFun);
+		    true ->
+			pubkey_cert:verify_fun(OtpCert, valid_peer,
+					       UserState6, VerifyFun)
+		end,
+
     ValidationState  = 
 	ValidationState1#path_validation_state{user_state = UserState},
author	Erlang/OTP <[email protected]>	2010-09-29 08:44:06 +0200
committer	Erlang/OTP <[email protected]>	2010-09-29 08:44:06 +0200
commit	2d4a7d86f97aec54b8d0544bfd25d833e4d7420a (patch)
tree	2edea48b407f72f2d1346c15cbaf9261ad9ff3f8 /lib/public_key/src
parent	8314712874d13fc22291d7f8187f04469b11527f (diff)
parent	e501709bec61bf8813cab741b0e39c211c73c89e (diff)
download	otp-2d4a7d86f97aec54b8d0544bfd25d833e4d7420a.tar.gz otp-2d4a7d86f97aec54b8d0544bfd25d833e4d7420a.tar.bz2 otp-2d4a7d86f97aec54b8d0544bfd25d833e4d7420a.zip