aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/src
diff options
context:
space:
mode:
authorIngela Anderton Andin <[email protected]>2010-09-13 08:52:54 +0200
committerIngela Anderton Andin <[email protected]>2010-09-13 08:52:54 +0200
commit3f336f1b6f2854618146e882b04e8cbc50d1111e (patch)
treef275ef9c49054004e3504d7f9548474a78dcefa1 /lib/ssl/src
parentf86c89a90a228eed9a58632cc0fb3372b210ec1a (diff)
parent6cced538abd4f8053c009b163efa8c6d568b9580 (diff)
downloadotp-3f336f1b6f2854618146e882b04e8cbc50d1111e.tar.gz
otp-3f336f1b6f2854618146e882b04e8cbc50d1111e.tar.bz2
otp-3f336f1b6f2854618146e882b04e8cbc50d1111e.zip
Merge branch 'ia/public_key-subject-alternative-name/OTP-8825' into dev
* ia/public_key-subject-alternative-name/OTP-8825: Improved certificate extension handling Add handling of SubjectAltName of type otherName
Diffstat (limited to 'lib/ssl/src')
-rw-r--r--lib/ssl/src/ssl.erl8
-rw-r--r--lib/ssl/src/ssl_certificate.erl10
2 files changed, 11 insertions, 7 deletions
diff --git a/lib/ssl/src/ssl.erl b/lib/ssl/src/ssl.erl
index cc01b35b64..12dffb413c 100644
--- a/lib/ssl/src/ssl.erl
+++ b/lib/ssl/src/ssl.erl
@@ -535,7 +535,9 @@ handle_options(Opts0, _Role) ->
(_,{bad_cert, _} = Reason, _) ->
{fail, Reason};
(_,{extension, _}, UserState) ->
- {unknown, UserState}
+ {unknown, UserState};
+ (_, valid, UserState) ->
+ {valid, UserState}
end, []},
UserFailIfNoPeerCert = handle_option(fail_if_no_peer_cert, Opts, false),
@@ -631,7 +633,9 @@ validate_option(verify_fun, Fun) when is_function(Fun) ->
{fail, Reason}
end;
(_,{extension, _}, UserState) ->
- {unknown, UserState}
+ {unknown, UserState};
+ (_, valid, UserState) ->
+ {valid, UserState}
end, Fun};
validate_option(verify_fun, {Fun, _} = Value) when is_function(Fun) ->
Value;
diff --git a/lib/ssl/src/ssl_certificate.erl b/lib/ssl/src/ssl_certificate.erl
index 6cf57ced81..206024315e 100644
--- a/lib/ssl/src/ssl_certificate.erl
+++ b/lib/ssl/src/ssl_certificate.erl
@@ -34,7 +34,6 @@
-export([trusted_cert_and_path/2,
certificate_chain/2,
file_to_certificats/1,
- %validate_extensions/6,
validate_extension/3,
is_valid_extkey_usage/2,
is_valid_key_usage/2,
@@ -118,8 +117,7 @@ file_to_certificats(File) ->
%% Description: Validates ssl/tls specific extensions
%%--------------------------------------------------------------------
validate_extension(_,{extension, #'Extension'{extnID = ?'id-ce-extKeyUsage',
- extnValue = KeyUse,
- critical = true}}, Role) ->
+ extnValue = KeyUse}}, Role) ->
case is_valid_extkey_usage(KeyUse, Role) of
true ->
{valid, Role};
@@ -128,8 +126,10 @@ validate_extension(_,{extension, #'Extension'{extnID = ?'id-ce-extKeyUsage',
end;
validate_extension(_, {bad_cert, _} = Reason, _) ->
{fail, Reason};
-validate_extension(_, _, Role) ->
- {unknown, Role}.
+validate_extension(_, {extension, _}, Role) ->
+ {unknown, Role};
+validate_extension(_, valid, Role) ->
+ {valid, Role}.
%%--------------------------------------------------------------------
-spec is_valid_key_usage(list(), term()) -> boolean().