aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/src
diff options
context:
space:
mode:
authorIngela Anderton Andin <[email protected]>2011-01-17 11:24:19 +0100
committerIngela Anderton Andin <[email protected]>2011-01-17 14:04:26 +0100
commit4dbf3c9e4ae7cfd19b247353369166d31b8f15e5 (patch)
tree4384227dd64e99b8eaf15967532c81468558a823 /lib/ssl/src
parent86413606615440a7951b4c62162e2bfb87aa158c (diff)
downloadotp-4dbf3c9e4ae7cfd19b247353369166d31b8f15e5.tar.gz
otp-4dbf3c9e4ae7cfd19b247353369166d31b8f15e5.tar.bz2
otp-4dbf3c9e4ae7cfd19b247353369166d31b8f15e5.zip
Verification of a critical extended_key_usage-extension corrected
When a verify fun is supplied, it should not be called to verify the extended_key_usage-extension when it is already verified by the ssl_certificate:validate_extension/2
Diffstat (limited to 'lib/ssl/src')
-rw-r--r--lib/ssl/src/ssl_handshake.erl16
1 files changed, 7 insertions, 9 deletions
diff --git a/lib/ssl/src/ssl_handshake.erl b/lib/ssl/src/ssl_handshake.erl
index 125c28b373..1f4c44d115 100644
--- a/lib/ssl/src/ssl_handshake.erl
+++ b/lib/ssl/src/ssl_handshake.erl
@@ -1,7 +1,7 @@
%%
%% %CopyrightBegin%
%%
-%% Copyright Ericsson AB 2007-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2007-2011. All Rights Reserved.
%%
%% The contents of this file are subject to the Erlang Public License,
%% Version 1.1, (the "License"); you may not use this file except in
@@ -194,14 +194,12 @@ certify(#certificate{asn1_certificates = ASN1Certs}, CertDbRef,
{fun(OtpCert, ExtensionOrError, {SslState, UserState}) ->
case ssl_certificate:validate_extension(OtpCert,
ExtensionOrError,
- SslState) of
- {valid, _} ->
- apply_user_fun(Fun, OtpCert,
- ExtensionOrError, UserState,
- SslState);
- {fail, Reason} ->
- apply_user_fun(Fun, OtpCert, Reason, UserState,
- SslState);
+ SslState) of
+ {valid, NewSslState} ->
+ {valid, {NewSslState, UserState}};
+ {fail, Reason} ->
+ apply_user_fun(Fun, OtpCert, Reason, UserState,
+ SslState);
{unknown, _} ->
apply_user_fun(Fun, OtpCert,
ExtensionOrError, UserState, SslState)