diff options
author | Henrik Nord <[email protected]> | 2016-02-25 10:52:44 +0100 |
---|---|---|
committer | Henrik Nord <[email protected]> | 2016-02-25 10:52:44 +0100 |
commit | 0a66b4b0f4c73e915e4404a284ca659edd6567b4 (patch) | |
tree | 0e9ab55d9d752391e8794db7f6dd4fcb2d789bb4 /lib/ssl/src | |
parent | 93c6b942bf99e73e566e3ab8c6dea1848a1e4b1e (diff) | |
parent | a567dca5ea418a0aaaed8fb4359032b11f28cccd (diff) | |
download | otp-0a66b4b0f4c73e915e4404a284ca659edd6567b4.tar.gz otp-0a66b4b0f4c73e915e4404a284ca659edd6567b4.tar.bz2 otp-0a66b4b0f4c73e915e4404a284ca659edd6567b4.zip |
Merge branch 'legoscia/critical-extension-verify-none' into maint
* legoscia/critical-extension-verify-none:
ssl: with verify_none, accept critical extensions
OTP-13377
Diffstat (limited to 'lib/ssl/src')
-rw-r--r-- | lib/ssl/src/ssl.erl | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/lib/ssl/src/ssl.erl b/lib/ssl/src/ssl.erl index c1bc90559e..3afc3a5e87 100644 --- a/lib/ssl/src/ssl.erl +++ b/lib/ssl/src/ssl.erl @@ -1296,6 +1296,12 @@ handle_verify_options(Opts, CaCerts) -> DefaultVerifyNoneFun = {fun(_,{bad_cert, _}, UserState) -> {valid, UserState}; + (_,{extension, #'Extension'{critical = true}}, UserState) -> + %% This extension is marked as critical, so + %% certificate verification should fail if we don't + %% understand the extension. However, this is + %% `verify_none', so let's accept it anyway. + {valid, UserState}; (_,{extension, _}, UserState) -> {unknown, UserState}; (_, valid, UserState) -> |