Improved certificate extension handling

Added the functionality so that the verification fun will be called
when a certificate is considered valid by the path validation to allow
access to eachs certificate in the path to the user application.

Removed clause that only check that a extension is not critical,
it does alter the verification rusult only withholds information from
the application.

Try to verify subject-AltName, if unable to verify it let
application try.

1 files changed, 7 insertions, 3 deletions

diff --git a/lib/ssl/test/ssl_basic_SUITE.erl b/lib/ssl/test/ssl_basic_SUITE.erl
index 1e96880801..3cb9337775 100644
--- a/lib/ssl/test/ssl_basic_SUITE.erl
+++ b/lib/ssl/test/ssl_basic_SUITE.erl
@@ -2860,7 +2860,9 @@ unknown_server_ca_fail(Config) when is_list(Config) ->
     FunAndState =  {fun(_,{bad_cert, _} = Reason, _) ->
 			    {fail, Reason};
 		       (_,{extension, _}, UserState) ->
-			    {unknown, UserState}
+			    {unknown, UserState};
+		       (_, valid, UserState) ->
+			    {valid, UserState}
 		    end, []},
 
     Client = ssl_test_lib:start_client_error([{node, ClientNode}, {port, Port},
@@ -2926,7 +2928,9 @@ unknown_server_ca_accept_verify_peer(Config) when is_list(Config) ->
 		       (_,{bad_cert, _} = Reason, _) ->
 			    {fail, Reason};
 		       (_,{extension, _}, UserState) ->
-			    {unknown, UserState}
+			    {unknown, UserState};
+		       (_, valid, UserState) ->
+			    {valid, UserState}
 		    end, []},
 
     Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
@@ -3095,7 +3099,7 @@ session_cache_process_mnesia(suite) ->
 session_cache_process_mnesia(Config) when is_list(Config) -> 
     session_cache_process(mnesia,Config).
 
-session_cache_process(Type,Config) when is_list(Config) -> 
+session_cache_process(_Type,Config) when is_list(Config) ->
     reuse_session(Config).
 
 init([Type]) ->