author | Ingela Anderton Andin <[email protected]> | 2016-09-12 16:26:52 +0200 |
---|---|---|
committer | Ingela Anderton Andin <[email protected]> | 2016-09-12 16:26:52 +0200 |
commit | 437bf798d86b85a0c81bb92b730440890b9ea92a (patch) | |
tree | 31fa1a6caacff8ec821bf8416ea26046e00a4138 /lib/ssl/src/ssl_crl.erl | |
parent | fa363597ca5139c94c4ecc3de6d6bf6df1eb1978 (diff) | |
parent | 9f12c01ed52555a2a6218b86929a2b2f36c93a0e (diff) | |
Merge branch 'maint'
Diffstat (limited to 'lib/ssl/src/ssl_crl.erl')
-rw-r--r-- | lib/ssl/src/ssl_crl.erl | 28 |
1 files changed, 20 insertions, 8 deletions
diff --git a/lib/ssl/src/ssl_crl.erl b/lib/ssl/src/ssl_crl.erl
index d9f21e04ac..01be1fb9ab 100644
--- a/lib/ssl/src/ssl_crl.erl
+++ b/lib/ssl/src/ssl_crl.erl
@@ -47,7 +47,7 @@ trusted_cert_and_path(CRL, issuer_not_found, {Db, DbRef} = DbHandle) ->
 {ok, unknown_crl_ca, []}
 end.

-find_issuer(CRL, {Db,_}) ->
+find_issuer(CRL, {Db,DbRef}) ->
 Issuer = public_key:pkix_normalize_name(public_key:pkix_crl_issuer(CRL)),
 IsIssuerFun =
 fun({_Key, {_Der,ErlCertCandidate}}, Acc) ->
@@ -55,15 +55,27 @@ find_issuer(CRL, {Db,_}) ->
 (_, Acc) ->
 Acc
 end,
-
- try ssl_pkix_db:foldl(IsIssuerFun, issuer_not_found, Db) of
- issuer_not_found ->
- {error, issuer_not_found}
- catch
- {ok, _} = Result ->
- Result
+ if is_reference(DbRef) -> % actual DB exists
+ try ssl_pkix_db:foldl(IsIssuerFun, issuer_not_found, Db) of
+ issuer_not_found ->
+ {error, issuer_not_found}
+ catch
+ {ok, _} = Result ->
+ Result
+ end;
+ is_tuple(DbRef), element(1,DbRef) =:= extracted -> % cache bypass byproduct
+ {extracted, CertsData} = DbRef,
+ Certs = [Entry || {decoded, Entry} <- CertsData],
+ try lists:foldl(IsIssuerFun, issuer_not_found, Certs) of
+ issuer_not_found ->
+ {error, issuer_not_found}
+ catch
+ {ok, _} = Result ->
+ Result
+ end
 end.
+

 verify_crl_issuer(CRL, ErlCertCandidate, Issuer, NotIssuer) ->
 TBSCert = ErlCertCandidate#'OTPCertificate'.tbsCertificate,
 case public_key:pkix_normalize_name(TBSCert#'OTPTBSCertificate'.subject) of |
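Review bot: In the second hunk the new `if` in find_issuer has no fallback clause, so a DbRef that is neither a reference nor an `extracted` tuple raises `if_clause` in the middle of CRL issuer lookup, and an `extracted` tuple of any arity other than two passes the guard and then fails the `{extracted, CertsData} = DbRef` match with `badmatch`. The two branches also repeat the same try/catch verbatim and differ only in which fold they run. Dispatching on the handle in the function heads of a small helper keeps one copy of the result handling and makes an unexpected handle fail with a `function_clause` that names the offending term. A short comment should also state that entries not tagged `decoded` are skipped on purpose, if that is the intent, since a silently empty candidate list ends as `issuer_not_found`. Part of find_issuer's body lies between the two hunks and is not visible here.

```erlang
find_issuer(CRL, {Db,DbRef}) ->
    %% … unchanged: Issuer and IsIssuerFun …
    try fold_candidates(IsIssuerFun, Db, DbRef) of
        issuer_not_found ->
            {error, issuer_not_found}
    catch
        {ok, _} = Result ->
            Result
    end.

%% Fold over the certificate DB, or over the extracted certificates
%% when there is no DB behind the handle (cache bypass).
fold_candidates(Fun, Db, DbRef) when is_reference(DbRef) ->
    ssl_pkix_db:foldl(Fun, issuer_not_found, Db);
fold_candidates(Fun, _Db, {extracted, CertsData}) ->
    %% Only entries tagged `decoded` are candidates; others are skipped.
    Certs = [Entry || {decoded, Entry} <- CertsData],
    lists:foldl(Fun, issuer_not_found, Certs).
```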