diff options
author | Ingela Anderton Andin <[email protected]> | 2010-06-11 08:21:23 +0000 |
---|---|---|
committer | Erlang/OTP <[email protected]> | 2010-06-11 08:21:23 +0000 |
commit | 4d0e43b5e252b979d50c17592c08ae68ece5fa07 (patch) | |
tree | 179408fb7b2eb80ae402a00443c5158c9c6d9428 /lib/ssl/src/ssl.erl | |
parent | a346eb92eb7b5bedb36768c0a63b82547919bc0b (diff) | |
download | otp-4d0e43b5e252b979d50c17592c08ae68ece5fa07.tar.gz otp-4d0e43b5e252b979d50c17592c08ae68ece5fa07.tar.bz2 otp-4d0e43b5e252b979d50c17592c08ae68ece5fa07.zip |
OTP-8695 New ssl default
Ssl has now switched default implementation and removed deprecated
certificate handling. All certificate handling is done by the public_key
application.
Diffstat (limited to 'lib/ssl/src/ssl.erl')
-rw-r--r-- | lib/ssl/src/ssl.erl | 51 |
1 files changed, 39 insertions, 12 deletions
diff --git a/lib/ssl/src/ssl.erl b/lib/ssl/src/ssl.erl index 185a1f755a..000ceb241e 100644 --- a/lib/ssl/src/ssl.erl +++ b/lib/ssl/src/ssl.erl @@ -39,6 +39,8 @@ -include("ssl_internal.hrl"). -include("ssl_record.hrl"). +-include_lib("public_key/include/public_key.hrl"). + -record(config, {ssl, %% SSL parameters inet_user, %% User set inet options emulated, %% #socket_option{} emulated @@ -50,15 +52,18 @@ %% Function: start([, Type]) -> ok %% %% Type = permanent | transient | temporary -%% Vsns = [Vsn] -%% Vsn = ssl3 | tlsv1 | 'tlsv1.1' %% %% Description: Starts the ssl application. Default type %% is temporary. see application(3) %%-------------------------------------------------------------------- start() -> + application:start(crypto), + application:start(public_key), application:start(ssl). + start(Type) -> + application:start(crypto, Type), + application:start(public_key, Type), application:start(ssl, Type). %%-------------------------------------------------------------------- @@ -123,7 +128,7 @@ connect(Address, Port, Options0, Timeout) -> listen(_Port, []) -> {error, enooptions}; listen(Port, Options0) -> - case proplists:get_value(ssl_imp, Options0, old) of + case proplists:get_value(ssl_imp, Options0, new) of new -> new_listen(Port, Options0); old -> @@ -293,14 +298,7 @@ peercert(#sslsocket{pid = Pid, fd = new_ssl}, Opts) -> {ok, undefined} -> {error, no_peercert}; {ok, BinCert} -> - PKOpts = [case Opt of ssl -> otp; pkix -> plain end || - Opt <- Opts, Opt =:= ssl orelse Opt =:= pkix], - case PKOpts of - [Opt] -> - public_key:pkix_decode_cert(BinCert, Opt); - [] -> - {ok, BinCert} - end; + decode_peercert(BinCert, Opts); {error, Reason} -> {error, Reason} end; @@ -309,11 +307,40 @@ peercert(#sslsocket{} = Socket, Opts) -> ensure_old_ssl_started(), case ssl_broker:peercert(Socket) of {ok, Bin} -> - ssl_pkix:decode_cert(Bin, Opts); + decode_peercert(Bin, Opts); {error, Reason} -> {error, Reason} end. + +decode_peercert(BinCert, Opts) -> + PKOpts = [case Opt of ssl -> otp; pkix -> plain end || + Opt <- Opts, Opt =:= ssl orelse Opt =:= pkix], + case PKOpts of + [Opt] -> + select_part(Opt, public_key:pkix_decode_cert(BinCert, Opt), Opts); + [] -> + {ok, BinCert} + end. + +select_part(otp, {ok, Cert}, Opts) -> + case lists:member(subject, Opts) of + true -> + TBS = Cert#'OTPCertificate'.tbsCertificate, + {ok, TBS#'OTPTBSCertificate'.subject}; + false -> + {ok, Cert} + end; + +select_part(plain, {ok, Cert}, Opts) -> + case lists:member(subject, Opts) of + true -> + TBS = Cert#'Certificate'.tbsCertificate, + {ok, TBS#'TBSCertificate'.subject}; + false -> + {ok, Cert} + end. + %%-------------------------------------------------------------------- %% Function: peername(Socket) -> {ok, {Address, Port}} | {error, Reason} %% |