aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/doc/src/ssl.xml
diff options
context:
space:
mode:
authorIngela Anderton Andin <[email protected]>2010-09-13 08:52:54 +0200
committerIngela Anderton Andin <[email protected]>2010-09-13 08:52:54 +0200
commit3f336f1b6f2854618146e882b04e8cbc50d1111e (patch)
treef275ef9c49054004e3504d7f9548474a78dcefa1 /lib/ssl/doc/src/ssl.xml
parentf86c89a90a228eed9a58632cc0fb3372b210ec1a (diff)
parent6cced538abd4f8053c009b163efa8c6d568b9580 (diff)
downloadotp-3f336f1b6f2854618146e882b04e8cbc50d1111e.tar.gz
otp-3f336f1b6f2854618146e882b04e8cbc50d1111e.tar.bz2
otp-3f336f1b6f2854618146e882b04e8cbc50d1111e.zip
Merge branch 'ia/public_key-subject-alternative-name/OTP-8825' into dev
* ia/public_key-subject-alternative-name/OTP-8825: Improved certificate extension handling Add handling of SubjectAltName of type otherName
Diffstat (limited to 'lib/ssl/doc/src/ssl.xml')
-rw-r--r--lib/ssl/doc/src/ssl.xml55
1 files changed, 28 insertions, 27 deletions
diff --git a/lib/ssl/doc/src/ssl.xml b/lib/ssl/doc/src/ssl.xml
index 0f3054aec3..d5b7253ef3 100644
--- a/lib/ssl/doc/src/ssl.xml
+++ b/lib/ssl/doc/src/ssl.xml
@@ -202,16 +202,19 @@
<p>The verification fun should be defined as:</p>
<code>
- fun(OtpCert :: #'OtpCertificate'{},
- Event :: {bad_cert, Reason :: atom()} |
- {extension, #'Extension'{}}, InitialUserState :: term()) ->
- {valid, UserState :: term()} | {fail, Reason :: term()} |
- {unknown, UserState :: term()}.
+fun(OtpCert :: #'OtpCertificate'{}, Event :: {bad_cert, Reason :: atom()} |
+ {extension, #'Extension'{}}, InitialUserState :: term()) ->
+ {valid, UserState :: term()} | {fail, Reason :: term()} |
+ {unknown, UserState :: term()}.
</code>
<p>The verify fun will be called during the X509-path
validation when an error or an extension unknown to the ssl
- application is encountered. See
+ application is encountered. Additionally it will be called
+ when a certificate is considered valid by the path validation
+ to allow access to each certificate in the path to the user
+ application.
+ See
<seealso marker="public_key:application">public_key(3)</seealso>
for definition of #'OtpCertificate'{} and #'Extension'{}.</p>
@@ -229,34 +232,32 @@
<p>The default verify_fun option in verify_peer mode:</p>
<code>
- {fun(_,{bad_cert, _} = Reason, _) ->
- {fail, Reason};
- (_,{extension, _}, UserState) ->
- {unknown, UserState}
- end, []}
+{fun(_,{bad_cert, _} = Reason, _) ->
+ {fail, Reason};
+ (_,{extension, _}, UserState) ->
+ {unknown, UserState};
+ (_, valid, UserState) ->
+ {valid, UserState}
+ end, []}
</code>
<p>The default verify_fun option in verify_none mode:</p>
<code>
- {fun(_,{bad_cert, unknown_ca}, UserState) ->
- {valid, UserState};
- (_,{bad_cert, _} = Reason, _) ->
- {fail, Reason};
- (_,{extension, _}, UserState) ->
- {unknown, UserState}
- end, []}
+{fun(_,{bad_cert, unknown_ca}, UserState) ->
+ {valid, UserState};
+ (_,{bad_cert, _} = Reason, _) ->
+ {fail, Reason};
+ (_,{extension, _}, UserState) ->
+ {unknown, UserState};
+ (_, valid, UserState) ->
+ {valid, UserState}
+ end, []}
</code>
- <p> Possible path validation errors:
- {bad_cert, cert_expired},
- {bad_cert, invalid_issuer},
- {bad_cert, invalid_signature},
- {bad_cert, unknown_ca},
- {bad_cert, name_not_permitted},
- {bad_cert, missing_basic_constraint},
- {bad_cert, invalid_key_usage},
- {bad_cert, invalid_subject_altname}</p>
+<p>Possible path validation errors: </p>
+
+<p> {bad_cert, cert_expired}, {bad_cert, invalid_issuer}, {bad_cert, invalid_signature}, {bad_cert, unknown_ca}, {bad_cert, name_not_permitted}, {bad_cert, missing_basic_constraint}, {bad_cert, invalid_key_usage}</p>
</item>
</taglist>