diff options
author | Ingela Anderton Andin <[email protected]> | 2017-01-20 14:49:24 +0100 |
---|---|---|
committer | Ingela Anderton Andin <[email protected]> | 2017-01-24 17:41:24 +0100 |
commit | 14522f25b9e8944ca427cac61b029e521fe321c6 (patch) | |
tree | 2cadc1bad3211cab033dbca28e5af12f9d8b8a62 /lib/ssl | |
parent | 306badbd13a70fa232091ca3f7ea4fe92c9cfe24 (diff) | |
download | otp-14522f25b9e8944ca427cac61b029e521fe321c6.tar.gz otp-14522f25b9e8944ca427cac61b029e521fe321c6.tar.bz2 otp-14522f25b9e8944ca427cac61b029e521fe321c6.zip |
ssl: Handle more than one DistributionPoint
Diffstat (limited to 'lib/ssl')
-rw-r--r-- | lib/ssl/src/ssl_crl.erl | 2 | ||||
-rw-r--r-- | lib/ssl/src/ssl_handshake.erl | 13 |
2 files changed, 11 insertions, 4 deletions
diff --git a/lib/ssl/src/ssl_crl.erl b/lib/ssl/src/ssl_crl.erl index fc60bdba67..0aaa1abb06 100644 --- a/lib/ssl/src/ssl_crl.erl +++ b/lib/ssl/src/ssl_crl.erl @@ -44,7 +44,7 @@ trusted_cert_and_path(CRL, issuer_not_found, {Db, DbRef} = DbHandle) -> {ok, Root, Chain} = ssl_certificate:certificate_chain(OtpCert, Db, DbRef), {ok, Root, lists:reverse(Chain)}; {error, issuer_not_found} -> - {ok, unknown_crl_ca, []} + {error, unknown_ca_crl} end. find_issuer(CRL, {Db,DbRef}) -> diff --git a/lib/ssl/src/ssl_handshake.erl b/lib/ssl/src/ssl_handshake.erl index 4acc745c5f..5ab062992c 100644 --- a/lib/ssl/src/ssl_handshake.erl +++ b/lib/ssl/src/ssl_handshake.erl @@ -2229,7 +2229,8 @@ dps_and_crls(OtpCert, Callback, CRLDbHandle, ext) -> no_dps; DistPoints -> Issuer = OtpCert#'OTPCertificate'.tbsCertificate#'OTPTBSCertificate'.issuer, - distpoints_lookup(DistPoints, Issuer, Callback, CRLDbHandle) + CRLs = distpoints_lookup(DistPoints, Issuer, Callback, CRLDbHandle), + dps_and_crls(DistPoints, CRLs, []) end; dps_and_crls(OtpCert, Callback, CRLDbHandle, same_issuer) -> @@ -2242,7 +2243,13 @@ dps_and_crls(OtpCert, Callback, CRLDbHandle, same_issuer) -> end, GenNames), [{DP, {CRL, public_key:der_decode('CertificateList', CRL)}} || CRL <- CRLs]. -distpoints_lookup([], _, _, _) -> +dps_and_crls([], _, Acc) -> + Acc; +dps_and_crls([DP | Rest], CRLs, Acc) -> + DpCRL = [{DP, {CRL, public_key:der_decode('CertificateList', CRL)}} || CRL <- CRLs], + dps_and_crls(Rest, CRLs, DpCRL ++ Acc). + +distpoints_lookup([],_, _, _) -> []; distpoints_lookup([DistPoint | Rest], Issuer, Callback, CRLDbHandle) -> Result = @@ -2257,7 +2264,7 @@ distpoints_lookup([DistPoint | Rest], Issuer, Callback, CRLDbHandle) -> not_available -> distpoints_lookup(Rest, Issuer, Callback, CRLDbHandle); CRLs -> - [{DistPoint, {CRL, public_key:der_decode('CertificateList', CRL)}} || CRL <- CRLs] + CRLs end. sign_algo(?rsaEncryption) -> |