aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/src/ssl_certificate.erl
diff options
context:
space:
mode:
authorIngela Anderton Andin <[email protected]>2011-11-14 10:17:59 +0100
committerIngela Anderton Andin <[email protected]>2011-11-15 11:08:13 +0100
commita7b8bf5b8162e9c0473213c77d17c739bdffdc35 (patch)
tree6959a80d87e064f3c3a4e5f0d5b995bec7283a01 /lib/ssl/src/ssl_certificate.erl
parent45305535f3348d8ea9a637b2236fd079e147971c (diff)
downloadotp-a7b8bf5b8162e9c0473213c77d17c739bdffdc35.tar.gz
otp-a7b8bf5b8162e9c0473213c77d17c739bdffdc35.tar.bz2
otp-a7b8bf5b8162e9c0473213c77d17c739bdffdc35.zip
Replaced ets:next traversal with ets:foldl and throw
ets:next needs an explicit safe_fixtable call to be safe, we rather use ets:foldl and throw to get out of it when we find the correct entry.
Diffstat (limited to 'lib/ssl/src/ssl_certificate.erl')
-rw-r--r--lib/ssl/src/ssl_certificate.erl33
1 files changed, 20 insertions, 13 deletions
diff --git a/lib/ssl/src/ssl_certificate.erl b/lib/ssl/src/ssl_certificate.erl
index 422ea6404b..61876e1158 100644
--- a/lib/ssl/src/ssl_certificate.erl
+++ b/lib/ssl/src/ssl_certificate.erl
@@ -66,7 +66,7 @@ trusted_cert_and_path(CertChain, CertDbHandle, CertDbRef) ->
{ok, IssuerId} ->
{other, IssuerId};
{error, issuer_not_found} ->
- case find_issuer(OtpCert, no_candidate, CertDbHandle) of
+ case find_issuer(OtpCert, CertDbHandle) of
{ok, IssuerId} ->
{other, IssuerId};
Other ->
@@ -193,7 +193,7 @@ certificate_chain(OtpCert, _Cert, CertDbHandle, CertsDbRef, Chain) ->
{_, true = SelfSigned} ->
certificate_chain(CertDbHandle, CertsDbRef, Chain, ignore, ignore, SelfSigned);
{{error, issuer_not_found}, SelfSigned} ->
- case find_issuer(OtpCert, no_candidate, CertDbHandle) of
+ case find_issuer(OtpCert, CertDbHandle) of
{ok, {SerialNr, Issuer}} ->
certificate_chain(CertDbHandle, CertsDbRef, Chain,
SerialNr, Issuer, SelfSigned);
@@ -227,17 +227,24 @@ certificate_chain(CertDbHandle, CertsDbRef, Chain, SerialNr, Issuer, _SelfSigned
{ok, lists:reverse(Chain)}
end.
-find_issuer(OtpCert, PrevCandidateKey, CertDbHandle) ->
- case ssl_manager:issuer_candidate(PrevCandidateKey, CertDbHandle) of
- no_more_candidates ->
- {error, issuer_not_found};
- {Key, {_Cert, ErlCertCandidate}} ->
- case public_key:pkix_is_issuer(OtpCert, ErlCertCandidate) of
- true ->
- public_key:pkix_issuer_id(ErlCertCandidate, self);
- false ->
- find_issuer(OtpCert, Key, CertDbHandle)
- end
+find_issuer(OtpCert, CertDbHandle) ->
+ IsIssuerFun = fun({_Key, {_Der, #'OTPCertificate'{} = ErlCertCandidate}}, Acc) ->
+ case public_key:pkix_is_issuer(OtpCert, ErlCertCandidate) of
+ true ->
+ throw(public_key:pkix_issuer_id(ErlCertCandidate, self));
+ false ->
+ Acc
+ end;
+ (_, Acc) ->
+ Acc
+ end,
+
+ try ssl_certificate_db:foldl(IsIssuerFun, issuer_not_found, CertDbHandle) of
+ issuer_not_found ->
+ {error, issuer_not_found}
+ catch
+ {ok, _IssuerId} = Return ->
+ Return
end.
is_valid_extkey_usage(KeyUse, client) ->