aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/test/x509_test.erl
diff options
context:
space:
mode:
authorIngela Anderton Andin <[email protected]>2017-05-09 10:57:06 +0200
committerIngela Anderton Andin <[email protected]>2017-05-09 10:57:06 +0200
commit0049bee925a014c2dfb49c8d98eac94165532070 (patch)
tree1059b33807b5cfffa9ff85a38194863220467afe /lib/ssl/test/x509_test.erl
parente1c70e41196e8118d9f24b8d9023cb0f876ee0df (diff)
parente9b0dbb4a95dbc8e328f08d6df6654dcbe13db09 (diff)
downloadotp-0049bee925a014c2dfb49c8d98eac94165532070.tar.gz
otp-0049bee925a014c2dfb49c8d98eac94165532070.tar.bz2
otp-0049bee925a014c2dfb49c8d98eac94165532070.zip
Merge branch 'ingela/ssl/server-hostname-verify/OTP-14197'
* ingela/ssl/server-hostname-verify/OTP-14197: ssl: Add hostname check of server certificate
Diffstat (limited to 'lib/ssl/test/x509_test.erl')
-rw-r--r--lib/ssl/test/x509_test.erl25
1 files changed, 17 insertions, 8 deletions
diff --git a/lib/ssl/test/x509_test.erl b/lib/ssl/test/x509_test.erl
index c36e96013b..4da1537ef6 100644
--- a/lib/ssl/test/x509_test.erl
+++ b/lib/ssl/test/x509_test.erl
@@ -105,7 +105,7 @@ root_cert(Role, PrivKey, Opts) ->
validity = validity(Opts),
subject = Issuer,
subjectPublicKeyInfo = public_key(PrivKey),
- extensions = extensions(ca, Opts)
+ extensions = extensions(Role, ca, Opts)
},
public_key:pkix_sign(OTPTBS, PrivKey).
@@ -175,22 +175,27 @@ validity(Opts) ->
#'Validity'{notBefore={generalTime, Format(DefFrom)},
notAfter ={generalTime, Format(DefTo)}}.
-extensions(Type, Opts) ->
+extensions(Role, Type, Opts) ->
Exts = proplists:get_value(extensions, Opts, []),
- lists:flatten([extension(Ext) || Ext <- default_extensions(Type, Exts)]).
+ lists:flatten([extension(Ext) || Ext <- default_extensions(Role, Type, Exts)]).
%% Common extension: name_constraints, policy_constraints, ext_key_usage, inhibit_any,
%% auth_key_id, subject_key_id, policy_mapping,
-default_extensions(ca, Exts) ->
+default_extensions(_, ca, Exts) ->
Def = [{key_usage, [keyCertSign, cRLSign]},
{basic_constraints, default}],
add_default_extensions(Def, Exts);
-default_extensions(peer, Exts) ->
- Def = [{key_usage, [digitalSignature, keyAgreement]}],
- add_default_extensions(Def, Exts).
+default_extensions(server, peer, Exts) ->
+ Hostname = net_adm:localhost(),
+ Def = [{key_usage, [digitalSignature, keyAgreement]},
+ {subject_alt, Hostname}],
+ add_default_extensions(Def, Exts);
+default_extensions(_, peer, Exts) ->
+ Exts.
+
add_default_extensions(Def, Exts) ->
Filter = fun({Key, _}, D) ->
lists:keydelete(Key, 1, D);
@@ -228,6 +233,10 @@ extension({key_usage, Value}) ->
#'Extension'{extnID = ?'id-ce-keyUsage',
extnValue = Value,
critical = false};
+extension({subject_alt, Hostname}) ->
+ #'Extension'{extnID = ?'id-ce-subjectAltName',
+ extnValue = [{dNSName, Hostname}],
+ critical = false};
extension({Id, Data, Critical}) ->
#'Extension'{extnID = Id, extnValue = Data, critical = Critical}.
@@ -309,7 +318,7 @@ cert(Role, #'OTPCertificate'{tbsCertificate = #'OTPTBSCertificate'{subject = Iss
validity = validity(CertOpts),
subject = subject(Contact, atom_to_list(Role) ++ Name),
subjectPublicKeyInfo = public_key(Key),
- extensions = extensions(Type,
+ extensions = extensions(Role, Type,
add_default_extensions([{auth_key_id, {auth_key_oid(Role), Issuer, SNr}}],
CertOpts))
},