author | Ingela Anderton Andin <[email protected]> | 2010-09-13 08:52:54 +0200 |
---|---|---|
committer | Ingela Anderton Andin <[email protected]> | 2010-09-13 08:52:54 +0200 |
commit | 3f336f1b6f2854618146e882b04e8cbc50d1111e (patch) | |
tree | f275ef9c49054004e3504d7f9548474a78dcefa1 /lib/ssl/src | |
parent | f86c89a90a228eed9a58632cc0fb3372b210ec1a (diff) | |
parent | 6cced538abd4f8053c009b163efa8c6d568b9580 (diff) | |
Merge branch 'ia/public_key-subject-alternative-name/OTP-8825' into dev
* ia/public_key-subject-alternative-name/OTP-8825:
Improved certificate extension handling
Add handling of SubjectAltName of type otherName
Diffstat (limited to 'lib/ssl/src')
-rw-r--r-- | lib/ssl/src/ssl.erl | 8 | ||||
-rw-r--r-- | lib/ssl/src/ssl_certificate.erl | 10 |
2 files changed, 11 insertions, 7 deletions
diff --git a/lib/ssl/src/ssl.erl b/lib/ssl/src/ssl.erl index cc01b35b64..12dffb413c 100644 --- a/lib/ssl/src/ssl.erl +++ b/lib/ssl/src/ssl.erl @@ -535,7 +535,9 @@ handle_options(Opts0, _Role) -> (_,{bad_cert, _} = Reason, _) -> {fail, Reason}; (_,{extension, _}, UserState) -> - {unknown, UserState} + {unknown, UserState}; + (_, valid, UserState) -> + {valid, UserState} end, []}, UserFailIfNoPeerCert = handle_option(fail_if_no_peer_cert, Opts, false), @@ -631,7 +633,9 @@ validate_option(verify_fun, Fun) when is_function(Fun) -> {fail, Reason} end; (_,{extension, _}, UserState) -> - {unknown, UserState} + {unknown, UserState}; + (_, valid, UserState) -> + {valid, UserState} end, Fun}; validate_option(verify_fun, {Fun, _} = Value) when is_function(Fun) -> Value; diff --git a/lib/ssl/src/ssl_certificate.erl b/lib/ssl/src/ssl_certificate.erl index 6cf57ced81..206024315e 100644 --- a/lib/ssl/src/ssl_certificate.erl +++ b/lib/ssl/src/ssl_certificate.erl @@ -34,7 +34,6 @@ -export([trusted_cert_and_path/2, certificate_chain/2, file_to_certificats/1, - %validate_extensions/6, validate_extension/3, is_valid_extkey_usage/2, is_valid_key_usage/2, @@ -118,8 +117,7 @@ file_to_certificats(File) -> %% Description: Validates ssl/tls specific extensions %%-------------------------------------------------------------------- validate_extension(_,{extension, #'Extension'{extnID = ?'id-ce-extKeyUsage', - extnValue = KeyUse, - critical = true}}, Role) -> + extnValue = KeyUse}}, Role) -> case is_valid_extkey_usage(KeyUse, Role) of true -> {valid, Role}; 
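Review bot: The verify fun in handle_options (hunk at -535) and the wrapper fun in validate_option (hunk at -631) carry no comment saying that their clause list is meant to be exhaustive. As far as the visible clauses show, an event other than `{bad_cert, _}`, `{extension, _}` or `valid` raises function_clause instead of returning a verdict. That fails closed, which is the safe direction for a trust decision. A comment above each fun would keep it that way, for example `%% Events: {bad_cert, R} | {extension, E} | valid. Never add a catch-all that returns valid.` Both funs begin outside their hunks, so the leading clauses are not fully visible here.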
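Review bot: With `critical = true` removed from the clause head in ssl_certificate.erl (hunk at -118), validate_extension/3 enforces extKeyUsage on every certificate that carries it, and the header comment does not record that this is deliberate. Adding `%% extKeyUsage is enforced whether or not it is marked critical (RFC 5280, 4.2.1.12).` under the Description line would stop a later edit from restoring the criticality match, which would again let a non-critical extKeyUsage for another purpose go unchecked. The non-matching branch of the `case` lies outside this hunk, so the reason it returns cannot be confirmed from here.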
@@ -128,8 +126,10 @@ validate_extension(_,{extension, #'Extension'{extnID = ?'id-ce-extKeyUsage', end; validate_extension(_, {bad_cert, _} = Reason, _) -> {fail, Reason}; -validate_extension(_, _, Role) -> - {unknown, Role}. +validate_extension(_, {extension, _}, Role) -> + {unknown, Role}; +validate_extension(_, valid, Role) -> + {valid, Role}. %%-------------------------------------------------------------------- -spec is_valid_key_usage(list(), term()) -> boolean(). |
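Review bot: With the catch-all clause gone, validate_extension/3 accepts exactly three shapes for its second argument, and that contract is not written down in the lines shown. The neighbouring is_valid_key_usage/2 has a `-spec`; if one exists for validate_extension/3 (it would sit outside this hunk), its second argument should be spelled out as `{extension, #'Extension'{}} | {bad_cert, term()} | valid`. Dialyzer can then flag a caller that passes an event the function no longer matches. The Description comment could also say that the `valid` event is answered with `{valid, Role}` and leaves the state unchanged.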