Improved certificate extension handling

Added the functionality so that the verification fun will be called
when a certificate is considered valid by the path validation to allow
access to eachs certificate in the path to the user application.

Removed clause that only check that a extension is not critical,
it does alter the verification rusult only withholds information from
the application.

Try to verify subject-AltName, if unable to verify it let
application try.

1 files changed, 6 insertions, 2 deletions

diff --git a/lib/public_key/test/public_key_SUITE.erl b/lib/public_key/test/public_key_SUITE.erl
index 46b8c3db8b..ea6a925139 100644
--- a/lib/public_key/test/public_key_SUITE.erl
+++ b/lib/public_key/test/public_key_SUITE.erl
@@ -377,7 +377,9 @@ pkix_path_validation(Config) when is_list(Config) ->
 			      (_,{bad_cert, _} = Reason, _) ->
 				   {fail, Reason};
 			      (_,{extension, _}, UserState) ->
-				   {unknown, UserState}
+				   {unknown, UserState};
+			      (_, valid, UserState) ->
+				   {valid, UserState}
 			   end, []},
     {ok, _} =
 	public_key:pkix_path_validation(Trusted, [Cert1, Cert3,Cert4],
@@ -392,7 +394,9 @@ pkix_path_validation(Config) when is_list(Config) ->
 	    (_,{bad_cert, _} = Reason, _) ->
 		 {fail, Reason};
 	    (_,{extension, _}, UserState) ->
-		 {unknown, UserState}
+		 {unknown, UserState};
+	    (_, valid, UserState) ->
+		 {valid, UserState}
 	 end, []},
 
     {ok, _} =