aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/doc/src
diff options
context:
space:
mode:
authorErlang/OTP <[email protected]>2010-09-29 08:44:06 +0200
committerErlang/OTP <[email protected]>2010-09-29 08:44:06 +0200
commit2d4a7d86f97aec54b8d0544bfd25d833e4d7420a (patch)
tree2edea48b407f72f2d1346c15cbaf9261ad9ff3f8 /lib/ssl/doc/src
parent8314712874d13fc22291d7f8187f04469b11527f (diff)
parente501709bec61bf8813cab741b0e39c211c73c89e (diff)
downloadotp-2d4a7d86f97aec54b8d0544bfd25d833e4d7420a.tar.gz
otp-2d4a7d86f97aec54b8d0544bfd25d833e4d7420a.tar.bz2
otp-2d4a7d86f97aec54b8d0544bfd25d833e4d7420a.zip
Merge branch 'ia/ssl-and-public_key/verify_fun_peer_awarness/OTP-8873' into maint-r14
* ia/ssl-and-public_key/verify_fun_peer_awarness/OTP-8873: Peer awarness
Diffstat (limited to 'lib/ssl/doc/src')
-rw-r--r--lib/ssl/doc/src/ssl.xml20
1 files changed, 13 insertions, 7 deletions
diff --git a/lib/ssl/doc/src/ssl.xml b/lib/ssl/doc/src/ssl.xml
index 8348301aed..413703deca 100644
--- a/lib/ssl/doc/src/ssl.xml
+++ b/lib/ssl/doc/src/ssl.xml
@@ -202,10 +202,10 @@
<p>The verification fun should be defined as:</p>
<code>
-fun(OtpCert :: #'OtpCertificate'{}, Event :: {bad_cert, Reason :: atom()} |
+fun(OtpCert :: #'OTPCertificate'{}, Event :: {bad_cert, Reason :: atom()} |
{extension, #'Extension'{}}, InitialUserState :: term()) ->
- {valid, UserState :: term()} | {fail, Reason :: term()} |
- {unknown, UserState :: term()}.
+ {valid, UserState :: term()} | {valid_peer, UserState :: term()} |
+ {fail, Reason :: term()} | {unknown, UserState :: term()}.
</code>
<p>The verify fun will be called during the X509-path
@@ -213,10 +213,12 @@ fun(OtpCert :: #'OtpCertificate'{}, Event :: {bad_cert, Reason :: atom()} |
application is encountered. Additionally it will be called
when a certificate is considered valid by the path validation
to allow access to each certificate in the path to the user
- application.
+ application. Note that the it will differentiate between
+ the peer certificate and CA certificates by using valid_peer
+ or valid as the second argument to the verify fun.
See
<seealso marker="public_key:application">public_key(3)</seealso>
- for definition of #'OtpCertificate'{} and #'Extension'{}.</p>
+ for definition of #'OTPCertificate'{} and #'Extension'{}.</p>
<p>If the verify callback fun returns {fail, Reason}, the
verification process is immediately stopped and an alert is
@@ -237,7 +239,9 @@ fun(OtpCert :: #'OtpCertificate'{}, Event :: {bad_cert, Reason :: atom()} |
(_,{extension, _}, UserState) ->
{unknown, UserState};
(_, valid, UserState) ->
- {valid, UserState}
+ {valid, UserState};
+ (_, valid_peer, UserState) ->
+ {valid, UserState}
end, []}
</code>
@@ -249,7 +253,9 @@ fun(OtpCert :: #'OtpCertificate'{}, Event :: {bad_cert, Reason :: atom()} |
(_,{extension, _}, UserState) ->
{unknown, UserState};
(_, valid, UserState) ->
- {valid, UserState}
+ {valid, UserState};
+ (_, valid_peer, UserState) ->
+ {valid, UserState}
end, []}
</code>