ssl, pubkey: Code and test adjustments

author: Hans Nilsson <[email protected]> 2014-03-07 11:04:42 +0100
committer: Hans Nilsson <[email protected]> 2014-03-26 10:13:56 +0100
commit: 8c8999af805265704ce0a3029c85a33f4d42c145 (patch)
tree: 3ffc2f9fca6e27aea7eeb6d418be9ac63ffed0f7 /lib/public_key
parent: 9756dcd97cd819c9b2d64c35dd36550f99600e92 (diff)
download: otp-8c8999af805265704ce0a3029c85a33f4d42c145.tar.gz
otp-8c8999af805265704ce0a3029c85a33f4d42c145.tar.bz2
otp-8c8999af805265704ce0a3029c85a33f4d42c145.zip
2 files changed, 18 insertions, 28 deletions
diff --git a/lib/public_key/src/pubkey_cert.erl b/lib/public_key/src/pubkey_cert.erl
index 6272fae91b..ae517ca642 100644
--- a/lib/public_key/src/pubkey_cert.erl
+++ b/lib/public_key/src/pubkey_cert.erl
@@ -344,8 +344,11 @@ match_name(uniformResourceIdentifier, URI,  [PermittedName | Rest]) ->
 	incomplete ->
 	    false;
 	{_, _, Host, _, _} ->
-	    match_name(fun is_valid_host_or_domain/2, Host,
-		       PermittedName, Rest)
+	    PN = case split_uri(PermittedName) of
+		     {_, _, PNhost, _, _} -> PNhost;
+		     _X -> PermittedName
+		 end,
+	    match_name(fun is_valid_host_or_domain/2, Host, PN, Rest)
     end;
 
 match_name(emailAddress, Name, [PermittedName | Rest]) ->
diff --git a/lib/public_key/src/pubkey_crl.erl b/lib/public_key/src/pubkey_crl.erl
index 2d947058de..f0df4bc3f2 100644
--- a/lib/public_key/src/pubkey_crl.erl
+++ b/lib/public_key/src/pubkey_crl.erl
@@ -393,31 +393,28 @@ verify_dp_name(asn1_NOVALUE, _) ->
     ok;
 
 verify_dp_name(IDPNames, DPorIssuerNames) ->
-    %% RFC 5280 section 5.2.5
-    %% Check that at least one IssuingDistributionPointName in the CRL lines up
-    %% with a DistributionPointName in the certificate.
-    Matches = [X || X <- IDPNames, Y <- DPorIssuerNames, X == Y],
-    case Matches of
-	[] ->
-	    throw({bad_crl, scope_error});
-	_ ->
-	    ok
+    case match_one(DPorIssuerNames, IDPNames) of
+	true ->
+	    ok;
+	false ->
+	    throw({bad_crl, scope_error})
     end.
 
 match_one([], _) ->
     false;
 match_one([{Type, Name} | Names], CandidateNames) ->
-    Candidates = [NameName || {NameType, NameName} <- CandidateNames, NameType == Type],
+    Candidates = [NameName || {NameType, NameName} <- CandidateNames, 
+			      NameType == Type],
     case Candidates of
 	[] ->
 	    false;
 	[_|_] ->
-	case pubkey_cert:match_name(Type, Name, Candidates) of
-		     true ->
-			 true;
-		 false ->
-			 match_one(Names, CandidateNames)
-		 end
+	    case pubkey_cert:match_name(Type, Name, Candidates) of
+		true ->
+		    true;
+		false ->
+		    match_one(Names, CandidateNames)
+	    end
     end.
 
 verify_dp_bools(TBSCert, IDP) ->
@@ -702,13 +699,3 @@ authority_key_identifier(Extensions) ->
     Enc = extension_value(?'id-ce-authorityKeyIdentifier',
 			  'AuthorityKeyIdentifier', Extensions),
     pubkey_cert_records:transform(Enc, decode).
-
-subject_alt_names(Extensions) ->
-    Enc = extension_value(?'id-ce-subjectAltName',
-			  'GeneralNames', Extensions),
-    case Enc of
-	undefined ->
-	    [];
-	_ ->
-	    pubkey_cert_records:transform(Enc, decode)
-    end.
author	Hans Nilsson <[email protected]>	2014-03-07 11:04:42 +0100
committer	Hans Nilsson <[email protected]>	2014-03-26 10:13:56 +0100
commit	8c8999af805265704ce0a3029c85a33f4d42c145 (patch)
tree	3ffc2f9fca6e27aea7eeb6d418be9ac63ffed0f7 /lib/public_key
parent	9756dcd97cd819c9b2d64c35dd36550f99600e92 (diff)
download	otp-8c8999af805265704ce0a3029c85a33f4d42c145.tar.gz otp-8c8999af805265704ce0a3029c85a33f4d42c145.tar.bz2 otp-8c8999af805265704ce0a3029c85a33f4d42c145.zip