Diffstat (limited to 'lib/public_key/src/pubkey_cert.erl')
-rw-r--r--lib/public_key/src/pubkey_cert.erl29
1 files changed, 18 insertions, 11 deletions
diff --git a/lib/public_key/src/pubkey_cert.erl b/lib/public_key/src/pubkey_cert.erl
index e704c168f1..fadb993ed9 100644
--- a/lib/public_key/src/pubkey_cert.erl
+++ b/lib/public_key/src/pubkey_cert.erl
@@ -164,7 +164,7 @@ validate_signature(OtpCert, DerCert, Key, KeyParams,
verify_fun(OtpCert, {bad_cert, invalid_signature}, UserState, VerifyFun)
end.
%%--------------------------------------------------------------------
--spec validate_names(#'OTPCertificate'{}, list(), list(),
+-spec validate_names(#'OTPCertificate'{}, no_constraints | list(), list(),
term(), term(), fun())-> term().
%%
%% Description: Validate Subject Alternative Name.
@@ -223,10 +223,15 @@ validate_revoked_status(_OtpCert, UserState, _VerifyFun) ->
%%--------------------------------------------------------------------
validate_extensions(OtpCert, ValidationState, UserState, VerifyFun) ->
TBSCert = OtpCert#'OTPCertificate'.tbsCertificate,
- Extensions = TBSCert#'OTPTBSCertificate'.extensions,
- validate_extensions(OtpCert, Extensions, ValidationState, no_basic_constraint,
- is_self_signed(OtpCert), UserState, VerifyFun).
-
+ case TBSCert#'OTPTBSCertificate'.version of
+ N when N >= 3 ->
+ Extensions = TBSCert#'OTPTBSCertificate'.extensions,
+ validate_extensions(OtpCert, Extensions,
+ ValidationState, no_basic_constraint,
+ is_self_signed(OtpCert), UserState, VerifyFun);
+ _ -> %% Extensions not present in versions 1 & 2
+ {ValidationState, UserState}
+ end.
%%--------------------------------------------------------------------
-spec normalize_general_name({rdnSequence, term()}) -> {rdnSequence, term()}.
%%
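Review bot: The guard `N when N >= 3` in validate_extensions/4 compares the version field with an integer, and its outcome depends on how that field is decoded, which the hunk does not show. If the field holds the named atom (`v1`/`v2`/`v3`), every atom sorts above every number in Erlang term order, so the guard is always true and the `_` branch is dead. If it holds the raw X.509 integer, v3 is encoded as 2 and extension validation would be skipped for every certificate. Matching the expected value explicitly, e.g. `v3 ->` (or `2 ->` for the raw integer), makes the intent checkable. The early return also bypasses whatever the 7-arity function does with `no_basic_constraint` for a certificate without extensions, so it is worth confirming that v1/v2 intermediates are still rejected as CAs elsewhere.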
@@ -290,8 +295,8 @@ is_fixed_dh_cert(#'OTPCertificate'{tbsCertificate =
%%--------------------------------------------------------------------
--spec verify_fun(#'OTPTBSCertificate'{}, {bad_cert, atom()} | {extension, #'Extension'{}}|
- valid, term(), fun()) -> term().
+-spec verify_fun(#'OTPCertificate'{}, {bad_cert, atom()} | {extension, #'Extension'{}}|
+ valid | valid_peer, term(), fun()) -> term().
%%
%% Description: Gives the user application the opportunity handle path
%% validation errors and unknown extensions and optional do other
@@ -313,7 +318,7 @@ verify_fun(Otpcert, Result, UserState0, VerifyFun) ->
{extension, #'Extension'{critical = true}} ->
throw({bad_cert, unknown_critical_extension});
_ ->
- UserState
+ UserState
end
end.
@@ -389,10 +394,12 @@ public_key_info(PublicKeyInfo,
NewPublicKeyParams =
case PublicKeyParams of
- 'NULL' when WorkingAlgorithm == Algorithm ->
+ {null, 'NULL'} when WorkingAlgorithm == Algorithm ->
WorkingParams;
- _ ->
- PublicKeyParams
+ {params, Params} ->
+ Params;
+ Params ->
+ Params
end,
{Algorithm, PublicKey, NewPublicKeyParams}.
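Review bot: The final `Params -> Params` clause in the `case PublicKeyParams of` expression returns `{null, 'NULL'}` still wrapped whenever WorkingAlgorithm differs from Algorithm, while `{params, Params}` is unwrapped. Callers of public_key_info can therefore receive two different representations of the key parameters. If downstream signature checks expect bare parameters, an explicit clause such as `{null, 'NULL'} -> 'NULL';` before the catch-all would keep the result uniform. Otherwise a comment like `%% any other shape (including a mismatched {null, 'NULL'}) is passed through unchanged` would record that this is intended. The function body starts outside this hunk, so the shapes PublicKeyParams can take are not fully visible here.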