aboutsummaryrefslogtreecommitdiffstats
path: root/lib/public_key
diff options
context:
space:
mode:
authorIngela Anderton Andin <[email protected]>2017-10-17 16:21:15 +0200
committerIngela Anderton Andin <[email protected]>2017-10-17 16:21:15 +0200
commit290c920aca365968ebaa10a63e25fd2579bce408 (patch)
tree42b697cfa0b502741758865f38eed4ed2941fbb4 /lib/public_key
parent82489e794c015742f8879438394fa8a2f4c6fd1b (diff)
parent7d05f57c2182626aaaee4a7c164d4bb6a7b9e38c (diff)
downloadotp-290c920aca365968ebaa10a63e25fd2579bce408.tar.gz
otp-290c920aca365968ebaa10a63e25fd2579bce408.tar.bz2
otp-290c920aca365968ebaa10a63e25fd2579bce408.zip
Merge branch 'ingela/ssl/extend-hostname-check/OTP-14632/OTP-14655' into maint
* ingela/ssl/extend-hostname-check/OTP-14632/OTP-14655: ssl: Fix test cases to work on all test platforms public_key: Fix dialyzer spec ssl: Sessions must be registered with SNI if exists ssl: Extend hostname check to fallback to checking IP-address public_key, ssl: Handles keys so that APIs are preserved correctly
Diffstat (limited to 'lib/public_key')
-rw-r--r--lib/public_key/src/pubkey_cert.erl13
-rw-r--r--lib/public_key/src/public_key.erl4
2 files changed, 12 insertions, 5 deletions
diff --git a/lib/public_key/src/pubkey_cert.erl b/lib/public_key/src/pubkey_cert.erl
index 13833830a7..76fd0f8133 100644
--- a/lib/public_key/src/pubkey_cert.erl
+++ b/lib/public_key/src/pubkey_cert.erl
@@ -1144,7 +1144,7 @@ issuer(Contact, Role, Name) ->
subject(Contact, Role ++ Name).
subject(Contact, Name) ->
- Opts = [{email, Contact ++ "@erlang.org"},
+ Opts = [{email, Contact ++ "@example.org"},
{name, Name},
{city, "Stockholm"},
{country, "SE"},
@@ -1223,12 +1223,12 @@ cert_chain(Role, IssuerCert, IssuerKey, [PeerOpts], _, Acc) ->
Key = gen_key(proplists:get_value(key, PeerOpts, default_key_gen())),
Cert = cert(Role, public_key:pkix_decode_cert(IssuerCert, otp),
IssuerKey, Key, "admin", " Peer cert", PeerOpts, peer),
- [{Cert, Key}, {IssuerCert, IssuerKey} | Acc];
+ [{Cert, encode_key(Key)}, {IssuerCert, encode_key(IssuerKey)} | Acc];
cert_chain(Role, IssuerCert, IssuerKey, [CAOpts | Rest], N, Acc) ->
Key = gen_key(proplists:get_value(key, CAOpts, default_key_gen())),
Cert = cert(Role, public_key:pkix_decode_cert(IssuerCert, otp), IssuerKey, Key, "webadmin",
" Intermidiate CA " ++ integer_to_list(N), CAOpts, ca),
- cert_chain(Role, Cert, Key, Rest, N+1, [{IssuerCert, IssuerKey} | Acc]).
+ cert_chain(Role, Cert, Key, Rest, N+1, [{IssuerCert, encode_key(IssuerKey)} | Acc]).
cert(Role, #'OTPCertificate'{tbsCertificate = #'OTPTBSCertificate'{subject = Issuer}},
PrivKey, Key, Contact, Name, Opts, Type) ->
@@ -1311,3 +1311,10 @@ add_default_extensions(Defaults0, Exts) ->
end, Defaults0),
Exts ++ Defaults.
+encode_key(#'RSAPrivateKey'{} = Key) ->
+ {'RSAPrivateKey', public_key:der_encode('RSAPrivateKey', Key)};
+encode_key(#'ECPrivateKey'{} = Key) ->
+ {'ECPrivateKey', public_key:der_encode('ECPrivateKey', Key)};
+encode_key(#'DSAPrivateKey'{} = Key) ->
+ {'DSAPrivateKey', public_key:der_encode('DSAPrivateKey', Key)}.
+
diff --git a/lib/public_key/src/public_key.erl b/lib/public_key/src/public_key.erl
index c6ab4d06ae..786cd370f9 100644
--- a/lib/public_key/src/public_key.erl
+++ b/lib/public_key/src/public_key.erl
@@ -850,10 +850,10 @@ pkix_crls_validate(OtpCert, DPAndCRLs0, Options) ->
%--------------------------------------------------------------------
-spec pkix_verify_hostname(Cert :: #'OTPCertificate'{} | binary(),
- ReferenceIDs :: [{uri_id | dns_id | oid(), string()}]) -> boolean().
+ ReferenceIDs :: [{uri_id | dns_id | ip | srv_id | oid(), string()}]) -> boolean().
-spec pkix_verify_hostname(Cert :: #'OTPCertificate'{} | binary(),
- ReferenceIDs :: [{uri_id | dns_id | oid(), string()}],
+ ReferenceIDs :: [{uri_id | dns_id | ip | srv_id | oid(), string()}],
Options :: proplists:proplist()) -> boolean().
%% Description: Validates a hostname to RFC 6125