author | Ingela Anderton Andin <[email protected]> | 2010-09-27 13:59:29 +0200 |
---|---|---|
committer | Ingela Anderton Andin <[email protected]> | 2010-09-29 08:29:00 +0200 |
commit | e501709bec61bf8813cab741b0e39c211c73c89e (patch) | |
tree | cb28ff2dcd70a60be352407e5cde09a22ed881ce /lib/ssl/src | |
parent | 17224a3d31d25ce6daa4de63b52b26bee9564bcd (diff) | |
Peer awarness
Changed the verify fun so that it differentiates between the peer
certificate and CA certificates by using valid_peer or valid as the
second argument to the verify fun. It may not always be trivial or
even possible to know when the peer certificate is reached otherwise.
Diffstat (limited to 'lib/ssl/src')
-rw-r--r-- | lib/ssl/src/ssl.erl | 4 | ||||
-rw-r--r-- | lib/ssl/src/ssl_certificate.erl | 2 |
2 files changed, 6 insertions, 0 deletions
diff --git a/lib/ssl/src/ssl.erl b/lib/ssl/src/ssl.erl
index 12dffb413c..7a3b24c783 100644
--- a/lib/ssl/src/ssl.erl
+++ b/lib/ssl/src/ssl.erl
@@ -537,6 +537,8 @@ handle_options(Opts0, _Role) ->
 (_,{extension, _}, UserState) ->
 {unknown, UserState};
 (_, valid, UserState) ->
+ {valid, UserState};
+ (_, valid_peer, UserState) ->
 {valid, UserState}
 end, []},
@@ -635,6 +637,8 @@ validate_option(verify_fun, Fun) when is_function(Fun) ->
 (_,{extension, _}, UserState) ->
 {unknown, UserState};
 (_, valid, UserState) ->
+ {valid, UserState};
+ (_, valid_peer, UserState) ->
 {valid, UserState}
 end, Fun};
 validate_option(verify_fun, {Fun, _} = Value) when is_function(Fun) ->
diff --git a/lib/ssl/src/ssl_certificate.erl b/lib/ssl/src/ssl_certificate.erl
index 206024315e..714c94270d 100644
--- a/lib/ssl/src/ssl_certificate.erl
+++ b/lib/ssl/src/ssl_certificate.erl
@@ -129,6 +129,8 @@ validate_extension(_, {bad_cert, _} = Reason, _) ->
 validate_extension(_, {extension, _}, Role) ->
 {unknown, Role};
 validate_extension(_, valid, Role) ->
+ {valid, Role};
+validate_extension(_, valid_peer, Role) ->
 {valid, Role}.
 %%-------------------------------------------------------------------- |
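Review bot: The new `(_, valid_peer, UserState)` clause in the default verify fun of handle_options returns `{valid, UserState}` unconditionally, and nothing beside it says that this is the event for the peer's own certificate rather than a CA certificate. A one-line comment above the clause would record that, for example `%% valid_peer: the peer certificate itself was found valid; the default adds no peer-specific check`. The same uncommented clause is added in the second ssl.erl hunk (validate_option/2) and in validate_extension/3 in ssl_certificate.erl, so the comment is worth repeating there. The fun starts above this hunk, so its earlier clauses are not visible here.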
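Review bot: Only the built-in wrapper gains a `valid_peer` clause here, while a user-supplied callback in the `{Fun, _}` form (the clause on the hunk's last line, whose body is outside the hunk) appears to be used as written. A callback written before this change with only a `(_, valid, UserState)` clause would presumably fail with function_clause when it is called for the peer certificate; that looks like it fails closed, but it turns a working configuration into a handshake failure after an upgrade. The verify_fun option's documentation (not part of this diffstat, which is limited to lib/ssl/src) should state that callbacks need a clause such as `(_, valid_peer, UserState) -> {valid, UserState}`, and that this clause is the place for peer-only checks such as comparing the certificate with the expected host name.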