aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl
diff options
context:
space:
mode:
authorIngela Anderton Andin <[email protected]>2015-02-02 10:05:33 +0100
committerIngela Anderton Andin <[email protected]>2015-02-02 10:05:33 +0100
commitedf6a220668d7461044918c10190b41ea7a4891d (patch)
tree8778e5a9fa167e0a80980ceed8f406486a4fe63c /lib/ssl
parent6f19eae6d1df8d6892a3f665d3cf38d3cc5359fc (diff)
parent158447e03d6de6201b4cbb7244e406ea873fa3a3 (diff)
downloadotp-edf6a220668d7461044918c10190b41ea7a4891d.tar.gz
otp-edf6a220668d7461044918c10190b41ea7a4891d.tar.bz2
otp-edf6a220668d7461044918c10190b41ea7a4891d.zip
Merge branch 'ia/ssl/self-signed-root/OTP-12449' into maint
* ia/ssl/self-signed-root/OTP-12449: ssl: Remove selfsigned anchor certificate from the certificate chain
Diffstat (limited to 'lib/ssl')
-rw-r--r--lib/ssl/src/ssl_certificate.erl2
-rw-r--r--lib/ssl/test/ssl_certificate_verify_SUITE.erl4
2 files changed, 3 insertions, 3 deletions
diff --git a/lib/ssl/src/ssl_certificate.erl b/lib/ssl/src/ssl_certificate.erl
index 9c0ed181fe..30d224fee2 100644
--- a/lib/ssl/src/ssl_certificate.erl
+++ b/lib/ssl/src/ssl_certificate.erl
@@ -282,7 +282,7 @@ other_issuer(OtpCert, CertDbHandle) ->
handle_path({BinCert, OTPCert}, Path, PartialChainHandler) ->
case public_key:pkix_is_self_signed(OTPCert) of
true ->
- {BinCert, Path};
+ {BinCert, lists:delete(BinCert, Path)};
false ->
handle_incomplete_chain(Path, PartialChainHandler)
end.
diff --git a/lib/ssl/test/ssl_certificate_verify_SUITE.erl b/lib/ssl/test/ssl_certificate_verify_SUITE.erl
index b7864ba6e7..dab7a941db 100644
--- a/lib/ssl/test/ssl_certificate_verify_SUITE.erl
+++ b/lib/ssl/test/ssl_certificate_verify_SUITE.erl
@@ -443,7 +443,7 @@ verify_fun_always_run_client(Config) when is_list(Config) ->
{unknown, UserState};
(_, valid, [ChainLen]) ->
{valid, [ChainLen + 1]};
- (_, valid_peer, [2]) ->
+ (_, valid_peer, [1]) ->
{fail, "verify_fun_was_always_run"};
(_, valid_peer, UserState) ->
{valid, UserState}
@@ -482,7 +482,7 @@ verify_fun_always_run_server(Config) when is_list(Config) ->
{unknown, UserState};
(_, valid, [ChainLen]) ->
{valid, [ChainLen + 1]};
- (_, valid_peer, [2]) ->
+ (_, valid_peer, [1]) ->
{fail, "verify_fun_was_always_run"};
(_, valid_peer, UserState) ->
{valid, UserState}