diff options
author | Ingela Anderton Andin <[email protected]> | 2016-06-09 10:50:49 +0200 |
---|---|---|
committer | Ingela Anderton Andin <[email protected]> | 2016-06-09 10:50:49 +0200 |
commit | 38cdb3b5131257a8cc76b8f64e32b8ecf722bdb4 (patch) | |
tree | a482d316933d7f5b69e02eb859a465a4f268cac9 /lib/ssl | |
parent | 6c6cdb99b2f80630816089ad5f75d8a81266b5cc (diff) | |
parent | 20b3aa4dabab14ea1a653fb9f88c842edd0e2a69 (diff) | |
download | otp-38cdb3b5131257a8cc76b8f64e32b8ecf722bdb4.tar.gz otp-38cdb3b5131257a8cc76b8f64e32b8ecf722bdb4.tar.bz2 otp-38cdb3b5131257a8cc76b8f64e32b8ecf722bdb4.zip |
Merge branch 'ingela/ssl/crl-find-issuer/OTP-13656'
* ingela/ssl/crl-find-issuer/OTP-13656:
ssl: Propagate error so that public_key crl validation process continues correctly and determines what should happen.
Diffstat (limited to 'lib/ssl')
-rw-r--r-- | lib/ssl/src/ssl_crl.erl | 16 |
1 files changed, 7 insertions, 9 deletions
diff --git a/lib/ssl/src/ssl_crl.erl b/lib/ssl/src/ssl_crl.erl index faf5007b16..d9f21e04ac 100644 --- a/lib/ssl/src/ssl_crl.erl +++ b/lib/ssl/src/ssl_crl.erl @@ -39,13 +39,12 @@ trusted_cert_and_path(CRL, {SerialNumber, Issuer},{Db, DbRef} = DbHandle) -> end; trusted_cert_and_path(CRL, issuer_not_found, {Db, DbRef} = DbHandle) -> - try find_issuer(CRL, DbHandle) of - OtpCert -> + case find_issuer(CRL, DbHandle) of + {ok, OtpCert} -> {ok, Root, Chain} = ssl_certificate:certificate_chain(OtpCert, Db, DbRef), - {ok, Root, lists:reverse(Chain)} - catch - throw:_ -> - {error, issuer_not_found} + {ok, Root, lists:reverse(Chain)}; + {error, issuer_not_found} -> + {ok, unknown_crl_ca, []} end. find_issuer(CRL, {Db,_}) -> @@ -61,11 +60,10 @@ find_issuer(CRL, {Db,_}) -> issuer_not_found -> {error, issuer_not_found} catch - {ok, IssuerCert} -> - IssuerCert + {ok, _} = Result -> + Result end. - verify_crl_issuer(CRL, ErlCertCandidate, Issuer, NotIssuer) -> TBSCert = ErlCertCandidate#'OTPCertificate'.tbsCertificate, case public_key:pkix_normalize_name(TBSCert#'OTPTBSCertificate'.subject) of |