author Ingela Anderton Andin <[email protected]> 2010-09-13 08:52:54 +0200
committer Ingela Anderton Andin <[email protected]> 2010-09-13 08:52:54 +0200
commit 3f336f1b6f2854618146e882b04e8cbc50d1111e
tree f275ef9c49054004e3504d7f9548474a78dcefa1 /lib/ssl/doc
parent f86c89a90a228eed9a58632cc0fb3372b210ec1a
parent 6cced538abd4f8053c009b163efa8c6d568b9580
Merge branch 'ia/public_key-subject-alternative-name/OTP-8825' into dev
* ia/public_key-subject-alternative-name/OTP-8825:
  Improved certificate extension handling
  Add handling of SubjectAltName of type otherName
Diffstat (limited to 'lib/ssl/doc')
-rw-r--r-- lib/ssl/doc/src/ssl.xml 55
1 files changed, 28 insertions, 27 deletions
diff --git a/lib/ssl/doc/src/ssl.xml b/lib/ssl/doc/src/ssl.xml
index 0f3054aec3..d5b7253ef3 100644
--- a/lib/ssl/doc/src/ssl.xml
+++ b/lib/ssl/doc/src/ssl.xml
@@ -202,16 +202,19 @@
<p>The verification fun should be defined as:</p>
<code>
- fun(OtpCert :: #'OtpCertificate'{},
- Event :: {bad_cert, Reason :: atom()} |
- {extension, #'Extension'{}}, InitialUserState :: term()) ->
- {valid, UserState :: term()} | {fail, Reason :: term()} |
- {unknown, UserState :: term()}.
+fun(OtpCert :: #'OtpCertificate'{}, Event :: {bad_cert, Reason :: atom()} |
+ {extension, #'Extension'{}}, InitialUserState :: term()) ->
+ {valid, UserState :: term()} | {fail, Reason :: term()} |
+ {unknown, UserState :: term()}.
</code>
<p>The verify fun will be called during the X509-path
validation when an error or an extension unknown to the ssl
- application is encountered. See
+ application is encountered. Additionally it will be called
+ when a certificate is considered valid by the path validation
+ to allow access to each certificate in the path to the user
+ application.
+ See
<seealso marker="public_key:application">public_key(3)</seealso>
for definition of #'OtpCertificate'{} and #'Extension'{}.</p>
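Review bot: The type spec in the added `fun(OtpCert :: #'OtpCertificate'{}, Event :: {bad_cert, Reason :: atom()} | {extension, #'Extension'{}}, ...)` lines still lists only two Event shapes, while the paragraph added directly below it says the fun is also called when a certificate is considered valid. Add `| valid` to the Event union so the documented signature matches the behaviour the text describes. Since this widens when the callback fires, the paragraph should also say that a verify fun written with only `bad_cert` and `extension` clauses has no clause for the new event and needs a `(_, valid, UserState) -> {valid, UserState}` clause.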
@@ -229,34 +232,32 @@
<p>The default verify_fun option in verify_peer mode:</p>
<code>
- {fun(_,{bad_cert, _} = Reason, _) ->
- {fail, Reason};
- (_,{extension, _}, UserState) ->
- {unknown, UserState}
- end, []}
+{fun(_,{bad_cert, _} = Reason, _) ->
+ {fail, Reason};
+ (_,{extension, _}, UserState) ->
+ {unknown, UserState};
+ (_, valid, UserState) ->
+ {valid, UserState}
+ end, []}
</code>
<p>The default verify_fun option in verify_none mode:</p>
<code>
- {fun(_,{bad_cert, unknown_ca}, UserState) ->
- {valid, UserState};
- (_,{bad_cert, _} = Reason, _) ->
- {fail, Reason};
- (_,{extension, _}, UserState) ->
- {unknown, UserState}
- end, []}
+{fun(_,{bad_cert, unknown_ca}, UserState) ->
+ {valid, UserState};
+ (_,{bad_cert, _} = Reason, _) ->
+ {fail, Reason};
+ (_,{extension, _}, UserState) ->
+ {unknown, UserState};
+ (_, valid, UserState) ->
+ {valid, UserState}
+ end, []}
</code>
- <p> Possible path validation errors:
- {bad_cert, cert_expired},
- {bad_cert, invalid_issuer},
- {bad_cert, invalid_signature},
- {bad_cert, unknown_ca},
- {bad_cert, name_not_permitted},
- {bad_cert, missing_basic_constraint},
- {bad_cert, invalid_key_usage},
- {bad_cert, invalid_subject_altname}</p>
+<p>Possible path validation errors: </p>
+
+<p> {bad_cert, cert_expired}, {bad_cert, invalid_issuer}, {bad_cert, invalid_signature}, {bad_cert, unknown_ca}, {bad_cert, name_not_permitted}, {bad_cert, missing_basic_constraint}, {bad_cert, invalid_key_usage}</p>
</item>
</taglist>
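Review bot: The rewritten "Possible path validation errors" paragraph at the end of this hunk no longer lists `{bad_cert, invalid_subject_altname}`, which the removed lines included, and nothing in the visible text explains the removal. If that reason can no longer be produced after the extension handling change, say so in the commit message or release notes, because a user verify fun that matches on it would silently stop firing; if it can still occur, restore it to the list. The reasons would also read better as separate entries in a `<code>` block, as the removed version roughly had, than as one long comma-separated `<p>` line.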