diff options
| author | Ingela Anderton Andin <[email protected]> | 2017-03-22 14:49:22 +0100 |
|---|---|---|
| committer | Ingela Anderton Andin <[email protected]> | 2017-05-06 07:31:16 +0200 |
| commit | e9b0dbb4a95dbc8e328f08d6df6654dcbe13db09 (patch) | |
| tree | b64d031b0f0d78a56fb4d5b25efdab3477f64aa8 /lib/ssl/src/ssl_connection.erl | |
| parent | 9ac8bdb19f55c593b8b4b10a5d72032e33bef406 (diff) | |
| download | otp-e9b0dbb4a95dbc8e328f08d6df6654dcbe13db09.tar.gz otp-e9b0dbb4a95dbc8e328f08d6df6654dcbe13db09.tar.bz2 otp-e9b0dbb4a95dbc8e328f08d6df6654dcbe13db09.zip | |
ssl: Add hostname check of server certificate
When the server_name_indication is sent automatize the
clients check of that the hostname is present in the
servers certificate. Currently server_name_indication shall
be on the dns_id format. If server_name_indication is disabled
it is up to the user to do its own check in the verify_fun.
Diffstat (limited to 'lib/ssl/src/ssl_connection.erl')
| -rw-r--r-- | lib/ssl/src/ssl_connection.erl | 8 |
1 files changed, 1 insertions, 7 deletions
diff --git a/lib/ssl/src/ssl_connection.erl b/lib/ssl/src/ssl_connection.erl index d9707115d5..be64081599 100644 --- a/lib/ssl/src/ssl_connection.erl +++ b/lib/ssl/src/ssl_connection.erl @@ -501,13 +501,7 @@ certify(internal, #certificate{} = Cert, crl_db = CRLDbInfo, ssl_options = Opts} = State, Connection) -> case ssl_handshake:certify(Cert, CertDbHandle, CertDbRef, - Opts#ssl_options.depth, - Opts#ssl_options.verify, - Opts#ssl_options.verify_fun, - Opts#ssl_options.partial_chain, - Opts#ssl_options.crl_check, - CRLDbInfo, - Role) of + Opts, CRLDbInfo, Role) of {PeerCert, PublicKeyInfo} -> handle_peer_cert(Role, PeerCert, PublicKeyInfo, State#state{client_certificate_requested = false}, Connection); |