Merge branch 'maint'

author: Henrik Nord <[email protected]> 2016-02-25 10:53:22 +0100
committer: Henrik Nord <[email protected]> 2016-02-25 10:53:22 +0100
commit: 6ea43be4d8a73371fb9fd0c77d4d0d05a86357ae (patch)
tree: c16a12f8f04d69cf8b6c8d30c76bec93e32004a3 /lib/ssl/src/ssl.erl
parent: 209804f87fa7a11468e5e373217917d2e11fcb9d (diff)
parent: 9c4fdefb8e9dde5e71ea7362ed37abfa425bb2bf (diff)
download: otp-6ea43be4d8a73371fb9fd0c77d4d0d05a86357ae.tar.gz
otp-6ea43be4d8a73371fb9fd0c77d4d0d05a86357ae.tar.bz2
otp-6ea43be4d8a73371fb9fd0c77d4d0d05a86357ae.zip
1 files changed, 6 insertions, 0 deletions
diff --git a/lib/ssl/src/ssl.erl b/lib/ssl/src/ssl.erl
index c1bc90559e..3afc3a5e87 100644
--- a/lib/ssl/src/ssl.erl
+++ b/lib/ssl/src/ssl.erl
@@ -1296,6 +1296,12 @@ handle_verify_options(Opts, CaCerts) ->
     DefaultVerifyNoneFun =
 	{fun(_,{bad_cert, _}, UserState) ->
 		 {valid, UserState};
+	    (_,{extension, #'Extension'{critical = true}}, UserState) ->
+		 %% This extension is marked as critical, so
+		 %% certificate verification should fail if we don't
+		 %% understand the extension.  However, this is
+		 %% `verify_none', so let's accept it anyway.
+		 {valid, UserState};
 	    (_,{extension, _}, UserState) ->
 		 {unknown, UserState};
 	    (_, valid, UserState) ->
author	Henrik Nord <[email protected]>	2016-02-25 10:53:22 +0100
committer	Henrik Nord <[email protected]>	2016-02-25 10:53:22 +0100
commit	6ea43be4d8a73371fb9fd0c77d4d0d05a86357ae (patch)
tree	c16a12f8f04d69cf8b6c8d30c76bec93e32004a3 /lib/ssl/src/ssl.erl
parent	209804f87fa7a11468e5e373217917d2e11fcb9d (diff)
parent	9c4fdefb8e9dde5e71ea7362ed37abfa425bb2bf (diff)
download	otp-6ea43be4d8a73371fb9fd0c77d4d0d05a86357ae.tar.gz otp-6ea43be4d8a73371fb9fd0c77d4d0d05a86357ae.tar.bz2 otp-6ea43be4d8a73371fb9fd0c77d4d0d05a86357ae.zip