authorIngela Anderton Andin <ingela@erlang.org>2017-01-11 14:35:58 +0100
committerIngela Anderton Andin <ingela@erlang.org>2017-01-24 17:41:24 +0100
commit306badbd13a70fa232091ca3f7ea4fe92c9cfe24 (patch)
tree5a89e0a7e4db848309c23075d608c28bd01bdd96 /lib
parent5a97f05aa92b4a68083390c9eb5e33193213086f (diff)
ssl: Correct ssl_certificate:validate/3
Changes made to ssl_certificate:validate appear to be preventing CRL validation from happening when an id-ce-extKeyUsage extension is present in the cert before the DistributionPoint extension. https://github.com/erlang/otp/blob/448e8aca77dd29ed5b37d56f0700d24ac26a7243/lib/ssl/src/ssl_certificate.erl#L131 See also ERL-338 and PR-1302
Diffstat (limited to 'lib')
-rw-r--r--lib/ssl/src/ssl_certificate.erl16
1 files changed, 8 insertions, 8 deletions
diff --git a/lib/ssl/src/ssl_certificate.erl b/lib/ssl/src/ssl_certificate.erl
index f359655d85..8aa2aa4081 100644
--- a/lib/ssl/src/ssl_certificate.erl
+++ b/lib/ssl/src/ssl_certificate.erl
@@ -125,21 +125,21 @@ file_to_crls(File, DbHandle) ->
%% Description: Validates ssl/tls specific extensions
%%--------------------------------------------------------------------
validate(_,{extension, #'Extension'{extnID = ?'id-ce-extKeyUsage',
- extnValue = KeyUse}}, {Role, _,_, _, _}) ->
+ extnValue = KeyUse}}, UserState = {Role, _,_, _, _}) ->
case is_valid_extkey_usage(KeyUse, Role) of
true ->
- {valid, Role};
+ {valid, UserState};
false ->
{fail, {bad_cert, invalid_ext_key_usage}}
end;
-validate(_, {extension, _}, Role) ->
- {unknown, Role};
+validate(_, {extension, _}, UserState) ->
+ {unknown, UserState};
validate(_, {bad_cert, _} = Reason, _) ->
{fail, Reason};
-validate(_, valid, Role) ->
- {valid, Role};
-validate(_, valid_peer, Role) ->
- {valid, Role}.
+validate(_, valid, UserState) ->
+ {valid, UserState};
+validate(_, valid_peer, UserState) ->
+ {valid, UserState}.
%%--------------------------------------------------------------------
-spec is_valid_key_usage(list(), term()) -> boolean().
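Review bot: No regression test accompanies this fix; the diffstat lists only ssl_certificate.erl, so nothing pins that the `id-ce-extKeyUsage` clause of validate/3 hands back the same state it received. Going by the commit description, the old behaviour skipped CRL validation silently instead of failing the handshake, so a test that presents a revoked certificate whose extKeyUsage extension precedes the distribution point extension, and expects rejection, would catch a recurrence. The header comment could also state the contract, for example `%% UserState is returned unchanged in every non-fail clause.`, and could say what the five tuple elements are, since only the first clause constrains the shape. As a small style point, `{Role, _, _, _, _} = UserState` would match the `{bad_cert, _} = Reason` form used two clauses below.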