diff options
| author | Ingela Anderton Andin <[email protected]> | 2014-08-14 12:09:53 +0200 |
|---|---|---|
| committer | Ingela Anderton Andin <[email protected]> | 2014-08-14 12:09:53 +0200 |
| commit | 3f44d30fea3b0c42c523d4dd60be58b09efe8c1f (patch) | |
| tree | 5ec74b3a78504a4ec0650a498f07678d1139222e /lib/ssl/src/ssl_certificate.erl | |
| parent | 9de7cc7f881b5df18d0a26f7d37af164bc0c390e (diff) | |
| parent | bd496c144e47c10c900c58cd2d9f38a01e9303cf (diff) | |
| download | otp-3f44d30fea3b0c42c523d4dd60be58b09efe8c1f.tar.gz otp-3f44d30fea3b0c42c523d4dd60be58b09efe8c1f.tar.bz2 otp-3f44d30fea3b0c42c523d4dd60be58b09efe8c1f.zip | |
Merge branch 'ia/ssl/certificate_types/certificate_requests/OTP-12026' into maint
* ia/ssl/certificate_types/certificate_requests/OTP-12026:
public_key: Updated User Guide with ECC records
ssl: Make sure the correct ROOT-cert is used
ssl: Test ECDSA and improve test suite maintainability
public_key: Correct ASN1-type EcpkParameters in PEM handling
public_key: Correct ASN-1 spec
ssl: Correct handling of certificate_types in Certificate Requests
Diffstat (limited to 'lib/ssl/src/ssl_certificate.erl')
| -rw-r--r-- | lib/ssl/src/ssl_certificate.erl | 25 |
1 files changed, 23 insertions, 2 deletions
diff --git a/lib/ssl/src/ssl_certificate.erl b/lib/ssl/src/ssl_certificate.erl index b186a1015a..53366b060c 100644 --- a/lib/ssl/src/ssl_certificate.erl +++ b/lib/ssl/src/ssl_certificate.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2007-2013. All Rights Reserved. +%% Copyright Ericsson AB 2007-2014 All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in @@ -232,7 +232,12 @@ find_issuer(OtpCert, CertDbHandle) -> IsIssuerFun = fun({_Key, {_Der, #'OTPCertificate'{} = ErlCertCandidate}}, Acc) -> case public_key:pkix_is_issuer(OtpCert, ErlCertCandidate) of true -> - throw(public_key:pkix_issuer_id(ErlCertCandidate, self)); + case verify_cert_signer(OtpCert, ErlCertCandidate#'OTPCertificate'.tbsCertificate) of + true -> + throw(public_key:pkix_issuer_id(ErlCertCandidate, self)); + false -> + Acc + end; false -> Acc end; @@ -254,3 +259,19 @@ is_valid_extkey_usage(KeyUse, client) -> is_valid_extkey_usage(KeyUse, server) -> %% Server wants to verify client is_valid_key_usage(KeyUse, ?'id-kp-clientAuth'). + +verify_cert_signer(OtpCert, SignerTBSCert) -> + PublicKey = public_key(SignerTBSCert#'OTPTBSCertificate'.subjectPublicKeyInfo), + public_key:pkix_verify(public_key:pkix_encode('OTPCertificate', OtpCert, otp), PublicKey). + +public_key(#'OTPSubjectPublicKeyInfo'{algorithm = #'PublicKeyAlgorithm'{algorithm = ?'id-ecPublicKey', + parameters = Params}, + subjectPublicKey = Point}) -> + {Point, Params}; +public_key(#'OTPSubjectPublicKeyInfo'{algorithm = #'PublicKeyAlgorithm'{algorithm = ?'rsaEncryption'}, + subjectPublicKey = Key}) -> + Key; +public_key(#'OTPSubjectPublicKeyInfo'{algorithm = #'PublicKeyAlgorithm'{algorithm = ?'id-dsa', + parameters = {params, Params}}, + subjectPublicKey = Key}) -> + {Key, Params}. |