diff options
Diffstat (limited to 'lib/public_key/src/pubkey_crl.erl')
| -rw-r--r-- | lib/public_key/src/pubkey_crl.erl | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/lib/public_key/src/pubkey_crl.erl b/lib/public_key/src/pubkey_crl.erl index 503d0205a6..2d947058de 100644 --- a/lib/public_key/src/pubkey_crl.erl +++ b/lib/public_key/src/pubkey_crl.erl @@ -393,11 +393,15 @@ verify_dp_name(asn1_NOVALUE, _) -> ok; verify_dp_name(IDPNames, DPorIssuerNames) -> - case match_one(DPorIssuerNames, IDPNames) of - true -> - ok; - false -> - throw({bad_crl, scope_error}) + %% RFC 5280 section 5.2.5 + %% Check that at least one IssuingDistributionPointName in the CRL lines up + %% with a DistributionPointName in the certificate. + Matches = [X || X <- IDPNames, Y <- DPorIssuerNames, X == Y], + case Matches of + [] -> + throw({bad_crl, scope_error}); + _ -> + ok end. match_one([], _) -> |