author | Ingela Anderton Andin <[email protected]> | 2016-09-12 16:26:12 +0200 |
---|---|---|
committer | Ingela Anderton Andin <[email protected]> | 2016-09-12 16:26:12 +0200 |
commit | 9f12c01ed52555a2a6218b86929a2b2f36c93a0e (patch) | |
tree | 25ad3b5501650fc9db8b2f72dcfd990a682643bf /lib/ssl/src/ssl_crl.erl | |
parent | 44aba0af8d1ddbccf8a7911f307681fc0d726d77 (diff) | |
parent | 3cad56eb508fb703d036e704bae77a3b3ae05086 (diff) | |
Merge branch 'ferd/bypass-pem-cache/PR-1143/OTP-13883' into maint
* ferd/bypass-pem-cache/PR-1143/OTP-13883:
ssl: Add documentation of bypass_pem_cache application environment configuration
ssl: Add new benchmarks to skip file for normal testing
Adding PEM cache bypass benchmark entries
Fixing CRL searching in cache bypass
Add option to bypass SSL PEM cache
Diffstat (limited to 'lib/ssl/src/ssl_crl.erl')
-rw-r--r-- | lib/ssl/src/ssl_crl.erl | 28 |
1 files changed, 20 insertions, 8 deletions
diff --git a/lib/ssl/src/ssl_crl.erl b/lib/ssl/src/ssl_crl.erl index d9f21e04ac..01be1fb9ab 100644 --- a/lib/ssl/src/ssl_crl.erl +++ b/lib/ssl/src/ssl_crl.erl @@ -47,7 +47,7 @@ trusted_cert_and_path(CRL, issuer_not_found, {Db, DbRef} = DbHandle) -> {ok, unknown_crl_ca, []} end. -find_issuer(CRL, {Db,_}) -> +find_issuer(CRL, {Db,DbRef}) -> Issuer = public_key:pkix_normalize_name(public_key:pkix_crl_issuer(CRL)), IsIssuerFun = fun({_Key, {_Der,ErlCertCandidate}}, Acc) -> @@ -55,15 +55,27 @@ find_issuer(CRL, {Db,_}) -> (_, Acc) -> Acc end, - - try ssl_pkix_db:foldl(IsIssuerFun, issuer_not_found, Db) of - issuer_not_found -> - {error, issuer_not_found} - catch - {ok, _} = Result -> - Result + if is_reference(DbRef) -> % actual DB exists + try ssl_pkix_db:foldl(IsIssuerFun, issuer_not_found, Db) of + issuer_not_found -> + {error, issuer_not_found} + catch + {ok, _} = Result -> + Result + end; + is_tuple(DbRef), element(1,DbRef) =:= extracted -> % cache bypass byproduct + {extracted, CertsData} = DbRef, + Certs = [Entry || {decoded, Entry} <- CertsData], + try lists:foldl(IsIssuerFun, issuer_not_found, Certs) of + issuer_not_found -> + {error, issuer_not_found} + catch + {ok, _} = Result -> + Result + end end. + verify_crl_issuer(CRL, ErlCertCandidate, Issuer, NotIssuer) -> TBSCert = ErlCertCandidate#'OTPCertificate'.tbsCertificate, case public_key:pkix_normalize_name(TBSCert#'OTPTBSCertificate'.subject) of |
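Review bot: In the `extracted` branch of `find_issuer` (second hunk), the `lists:foldl` finds an issuer only if each `{decoded, Entry}` has the `{_Key, {_Der,ErlCertCandidate}}` shape that the first clause of `IsIssuerFun` matches, and nothing visible in this hunk establishes that shape. Because the fun also has the `(_, Acc) -> Acc` clause, an entry of any other shape is skipped silently, so a mismatch would presumably show up as `{error, issuer_not_found}` during CRL issuer lookup rather than as a crash. A comment on the comprehension such as `% Entry must be {Key, {Der, OtpCert}} for IsIssuerFun to match; other shapes are skipped` would record the assumption, and a test of CRL issuer lookup with the PEM cache bypassed would guard it. As a style point, the `if` has no clause for any other `DbRef`, and the guard `is_tuple(DbRef), element(1,DbRef) =:= extracted` followed by `{extracted, CertsData} = DbRef` reads more directly as `case DbRef of {extracted, CertsData} -> ...`. The middle of `IsIssuerFun` lies between the two hunks and is not visible here.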