aboutsummaryrefslogtreecommitdiffstats
path: root/lib
diff options
context:
space:
mode:
Diffstat (limited to 'lib')
-rw-r--r--lib/erl_interface/configure.in8
-rw-r--r--lib/erl_interface/src/connect/ei_connect.c14
-rw-r--r--lib/erl_interface/test/ei_accept_SUITE.erl42
-rw-r--r--lib/erl_interface/test/ei_connect_SUITE.erl7
-rw-r--r--lib/kernel/test/gen_udp_SUITE.erl18
-rw-r--r--lib/public_key/include/public_key.hrl6
-rw-r--r--lib/public_key/src/pubkey_cert.erl90
-rw-r--r--lib/public_key/src/public_key.erl5
-rw-r--r--lib/public_key/test/public_key_SUITE.erl8
-rw-r--r--lib/ssl/doc/src/ssl.xml55
-rw-r--r--lib/ssl/src/ssl.erl8
-rw-r--r--lib/ssl/src/ssl_certificate.erl10
-rw-r--r--lib/ssl/test/ssl_basic_SUITE.erl10
13 files changed, 151 insertions, 130 deletions
diff --git a/lib/erl_interface/configure.in b/lib/erl_interface/configure.in
index 7728cb97be..72ac8c7bbf 100644
--- a/lib/erl_interface/configure.in
+++ b/lib/erl_interface/configure.in
@@ -288,13 +288,7 @@ case "$threads_disabled" in
;;
win32_threads)
EI_THREADS="true"
- AC_MSG_CHECKING([for __declspec(thread) usability])
- if test "X$GCC" = "Xyes"; then
- AC_MSG_RESULT([no])
- else
- THR_DEFS="$THR_DEFS -DUSE_DECLSPEC_THREAD"
- AC_MSG_RESULT([yes])
- fi
+ THR_DEFS="$THR_DEFS -D_WIN32_WINNT=0x0500 -DWINVER=0x0500"
;;
pthread)
EI_THREADS="true"
diff --git a/lib/erl_interface/src/connect/ei_connect.c b/lib/erl_interface/src/connect/ei_connect.c
index e191f3fbf0..99ccba0686 100644
--- a/lib/erl_interface/src/connect/ei_connect.c
+++ b/lib/erl_interface/src/connect/ei_connect.c
@@ -366,16 +366,16 @@ static int initWinSock(void)
WORD wVersionRequested;
WSADATA wsaData;
int i;
- /* FIXME problem for threaded ? */
- static int initialized = 0;
+
+ static LONG volatile initialized = 0;
wVersionRequested = MAKEWORD(1, 1);
- if (!initialized) {
- initialized = 1;
+ if (InterlockedCompareExchange((LPLONG) &initialized,1L,0L) == 0L) {
/* FIXME not terminate, just a message?! */
if ((i = WSAStartup(wVersionRequested, &wsaData))) {
EI_TRACE_ERR1("ei_connect_init",
"ERROR: can't initialize windows sockets: %d",i);
+ initialized = 2L;
return 0;
}
@@ -383,10 +383,14 @@ static int initWinSock(void)
EI_TRACE_ERR0("initWinSock","ERROR: this version of windows "
"sockets not supported");
WSACleanup();
+ initialized = 2L;
return 0;
}
+ initialized = 3L;
+ } else while (initialized < 2) {
+ SwitchToThread();
}
- return 1;
+ return (int) (initialized - 2);
}
#endif
diff --git a/lib/erl_interface/test/ei_accept_SUITE.erl b/lib/erl_interface/test/ei_accept_SUITE.erl
index bc83d6a62e..31781fe377 100644
--- a/lib/erl_interface/test/ei_accept_SUITE.erl
+++ b/lib/erl_interface/test/ei_accept_SUITE.erl
@@ -31,7 +31,7 @@
all(suite) -> [ei_accept, ei_threaded_accept].
init_per_testcase(_Case, Config) ->
- Dog = ?t:timetrap(?t:minutes(0.25)),
+ Dog = ?t:timetrap(?t:seconds(30)),
[{watchdog, Dog}|Config].
fin_per_testcase(_Case, Config) ->
@@ -43,8 +43,6 @@ ei_accept(Config) when is_list(Config) ->
?line P = runner:start(?interpret),
?line 0 = ei_connect_init(P, 42, erlang:get_cookie(), 0),
-% ?line AMsg={a,[message, with], " strings in it!", [-12, -23], 1.001},
- %% shouldn't this be a bif or function or something?
?line Myname= hd(tl(string:tokens(atom_to_list(node()), "@"))),
?line io:format("Myname ~p ~n", [Myname]),
?line EINode= list_to_atom("c42@"++Myname),
@@ -52,9 +50,13 @@ ei_accept(Config) when is_list(Config) ->
?line Self= self(),
?line TermToSend= {call, Self, "Test"},
?line F= fun() ->
- timer:sleep(500),
- {any, EINode} ! TermToSend,
- Self ! sent_ok,
+ case waitfornode("c42",20) of
+ true ->
+ {any, EINode} ! TermToSend,
+ Self ! sent_ok;
+ false ->
+ Self ! never_published
+ end,
ok
end,
@@ -90,12 +92,29 @@ ei_threaded_accept(Config) when is_list(Config) ->
|| I <- lists:seq(0, N-1) ],
ok.
+waitfornode(String,0) ->
+ io:format("~s never published itself.~n",[String]),
+ false;
+waitfornode(String,N) ->
+ Registered = [X || {X,_} <- element(2,erl_epmd:names())],
+ case lists:member(String,Registered) of
+ true ->
+ true;
+ false ->
+ timer:sleep(1000),
+ waitfornode(String,N-1)
+ end.
+
send_rec_einode(N, TestServerPid) ->
?line Myname= hd(tl(string:tokens(atom_to_list(node()), "@"))),
- ?line EINode= list_to_atom("eiacc" ++ integer_to_list(N) ++ "@" ++ Myname),
+ ?line FirstPart = "eiacc" ++ integer_to_list(N),
+ ?line EINode= list_to_atom(FirstPart ++ "@" ++ Myname),
?line io:format("EINode ~p ~n", [EINode]),
?line Self= self(),
- ?line timer:sleep(10*1000),
+ ?line case waitfornode(FirstPart,20) of
+ true -> ok;
+ false -> test_server:fail({never_published,EINode})
+ end,
?line {any, EINode} ! Self,
?line receive
{N,_}=X ->
@@ -136,13 +155,6 @@ ei_receive(P, Fd) ->
{term, T}= get_term(P),
T.
-ei_unpublish(P) ->
- send_command(P, ei_unpublish, []),
- case get_term(P) of
- {term,{0, _}} -> ok;
- {term,{_X, Errno}} -> {error,Errno}
- end.
-
send_command(P, Name, Args) ->
runner:send_term(P, {Name,list_to_tuple(Args)}).
diff --git a/lib/erl_interface/test/ei_connect_SUITE.erl b/lib/erl_interface/test/ei_connect_SUITE.erl
index 56f478edad..fe82a73ef9 100644
--- a/lib/erl_interface/test/ei_connect_SUITE.erl
+++ b/lib/erl_interface/test/ei_connect_SUITE.erl
@@ -1,7 +1,7 @@
%%
%% %CopyrightBegin%
%%
-%% Copyright Ericsson AB 2001-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2001-2010. All Rights Reserved.
%%
%% The contents of this file are subject to the Erlang Public License,
%% Version 1.1, (the "License"); you may not use this file except in
@@ -103,10 +103,12 @@ ei_threaded_send(Config) when is_list(Config) ->
?line Einode = filename:join(?config(data_dir, Config), "einode"),
?line N = 15,
?line Host = atom_to_list(node()),
- ?line spawn_link(fun() -> start_einode(Einode, N, Host) end),
?line TestServerPid = self(),
?line [ spawn_link(fun() -> rec_einode(I, TestServerPid) end)
|| I <- lists:seq(0, N-1) ],
+ ?line [ receive {I,registered} -> ok end
+ || I <- lists:seq(0, N-1) ],
+ ?line spawn_link(fun() -> start_einode(Einode, N, Host) end),
?line [ receive I -> ok end
|| I <- lists:seq(0, N-1) ],
ok.
@@ -114,6 +116,7 @@ ei_threaded_send(Config) when is_list(Config) ->
rec_einode(N, TestServerPid) ->
?line Regname = list_to_atom("mth"++integer_to_list(N)),
?line register(Regname, self()),
+ ?line TestServerPid ! {N, registered},
?line io:format("~p waiting~n", [Regname]),
?line receive
X ->
diff --git a/lib/kernel/test/gen_udp_SUITE.erl b/lib/kernel/test/gen_udp_SUITE.erl
index 44dd8607b9..bbdfbd3cb0 100644
--- a/lib/kernel/test/gen_udp_SUITE.erl
+++ b/lib/kernel/test/gen_udp_SUITE.erl
@@ -415,15 +415,15 @@ connect(suite) ->
connect(doc) ->
["Test that connect/3 has effect"];
connect(Config) when is_list(Config) ->
- Addr = {127,0,0,1},
- {ok,S1} = gen_udp:open(0),
- {ok,P1} = inet:port(S1),
- {ok,S2} = gen_udp:open(0),
- ok = inet:setopts(S2, [{active,false}]),
- ok = gen_udp:close(S1),
- ok = gen_udp:connect(S2, Addr, P1),
- ok = gen_udp:send(S2, <<16#deadbeef:32>>),
- {error,econnrefused} = gen_udp:recv(S2, 0, 5),
+ ?line Addr = {127,0,0,1},
+ ?line {ok,S1} = gen_udp:open(0),
+ ?line {ok,P1} = inet:port(S1),
+ ?line {ok,S2} = gen_udp:open(0),
+ ?line ok = inet:setopts(S2, [{active,false}]),
+ ?line ok = gen_udp:close(S1),
+ ?line ok = gen_udp:connect(S2, Addr, P1),
+ ?line ok = gen_udp:send(S2, <<16#deadbeef:32>>),
+ ?line {error,econnrefused} = gen_udp:recv(S2, 0, 5),
ok.
implicit_inet6(Config) when is_list(Config) ->
diff --git a/lib/public_key/include/public_key.hrl b/lib/public_key/include/public_key.hrl
index 82681502ab..a16eb10fe6 100644
--- a/lib/public_key/include/public_key.hrl
+++ b/lib/public_key/include/public_key.hrl
@@ -31,8 +31,10 @@
-define(DEFAULT_VERIFYFUN,
{fun(_,{bad_cert, _} = Reason, _) ->
{fail, Reason};
- (_,{extension, _}, UserState) ->
- {unknown, UserState}
+ (_,{extension, _}, UserState) ->
+ {unknown, UserState};
+ (_, valid, UserState) ->
+ {valid, UserState}
end, []}).
-record(path_validation_state, {
diff --git a/lib/public_key/src/pubkey_cert.erl b/lib/public_key/src/pubkey_cert.erl
index b3c230df25..e704c168f1 100644
--- a/lib/public_key/src/pubkey_cert.erl
+++ b/lib/public_key/src/pubkey_cert.erl
@@ -29,7 +29,7 @@
validate_revoked_status/3, validate_extensions/4,
normalize_general_name/1, digest_type/1, is_self_signed/1,
is_issuer/2, issuer_id/2, is_fixed_dh_cert/1,
- verify_data/1]).
+ verify_data/1, verify_fun/4]).
-define(NULL, 0).
@@ -288,6 +288,35 @@ is_fixed_dh_cert(#'OTPCertificate'{tbsCertificate =
Extensions}}) ->
is_fixed_dh_cert(SubjectPublicKeyInfo, extensions_list(Extensions)).
+
+%%--------------------------------------------------------------------
+-spec verify_fun(#'OTPTBSCertificate'{}, {bad_cert, atom()} | {extension, #'Extension'{}}|
+ valid, term(), fun()) -> term().
+%%
+%% Description: Gives the user application the opportunity handle path
+%% validation errors and unknown extensions and optional do other
+%% things with a validated certificate.
+%% --------------------------------------------------------------------
+verify_fun(Otpcert, Result, UserState0, VerifyFun) ->
+ case VerifyFun(Otpcert, Result, UserState0) of
+ {valid,UserState} ->
+ UserState;
+ {fail, Reason} ->
+ case Result of
+ {bad_cert, _} ->
+ throw(Result);
+ _ ->
+ throw({bad_cert, Reason})
+ end;
+ {unknown, UserState} ->
+ case Result of
+ {extension, #'Extension'{critical = true}} ->
+ throw({bad_cert, unknown_critical_extension});
+ _ ->
+ UserState
+ end
+ end.
+
%%--------------------------------------------------------------------
%%% Internal functions
%%--------------------------------------------------------------------
@@ -315,25 +344,6 @@ extensions_list(asn1_NOVALUE) ->
extensions_list(Extensions) ->
Extensions.
-verify_fun(Otpcert, Result, UserState0, VerifyFun) ->
- case VerifyFun(Otpcert, Result, UserState0) of
- {valid,UserState} ->
- UserState;
- {fail, Reason} ->
- case Result of
- {bad_cert, _} ->
- throw(Result);
- _ ->
- throw({bad_cert, Reason})
- end;
- {unknown, UserState} ->
- case Result of
- {extension, #'Extension'{critical = true}} ->
- throw({bad_cert, unknown_critical_extension});
- _ ->
- UserState
- end
- end.
extract_verify_data(OtpCert, DerCert) ->
{0, Signature} = OtpCert#'OTPCertificate'.signature,
@@ -538,42 +548,21 @@ validate_extensions(OtpCert, [#'Extension'{extnID = ?'id-ce-keyUsage',
end;
validate_extensions(OtpCert, [#'Extension'{extnID = ?'id-ce-subjectAltName',
- extnValue = Names} | Rest],
+ extnValue = Names,
+ critical = true} = Ext | Rest],
ValidationState, ExistBasicCon,
SelfSigned, UserState0, VerifyFun) ->
case validate_subject_alt_names(Names) of
- true when Names =/= [] ->
+ true ->
validate_extensions(OtpCert, Rest, ValidationState, ExistBasicCon,
SelfSigned, UserState0, VerifyFun);
- _ ->
- UserState = verify_fun(OtpCert, {bad_cert, invalid_subject_altname},
+ false ->
+ UserState = verify_fun(OtpCert, {extension, Ext},
UserState0, VerifyFun),
validate_extensions(OtpCert, Rest, ValidationState, ExistBasicCon,
SelfSigned, UserState, VerifyFun)
end;
-%% This extension SHOULD NOT be marked critical. Its value
-%% does not have to be further validated at this point.
-validate_extensions(OtpCert, [#'Extension'{extnID = ?'id-ce-issuerAltName',
- extnValue = _} | Rest],
- ValidationState, ExistBasicCon,
- SelfSigned, UserState, VerifyFun) ->
- validate_extensions(OtpCert, Rest, ValidationState, ExistBasicCon,
- SelfSigned, UserState, VerifyFun);
-
-%% This extension MUST NOT be marked critical.Its value
-%% does not have to be further validated at this point.
-validate_extensions(OtpCert, [#'Extension'{extnID = Id,
- extnValue = _,
- critical = false} | Rest],
- ValidationState,
- ExistBasicCon, SelfSigned,
- UserState, VerifyFun)
- when Id == ?'id-ce-subjectKeyIdentifier';
- Id == ?'id-ce-authorityKeyIdentifier'->
- validate_extensions(OtpCert, Rest, ValidationState, ExistBasicCon,
- SelfSigned, UserState, VerifyFun);
-
validate_extensions(OtpCert, [#'Extension'{extnID = ?'id-ce-nameConstraints',
extnValue = NameConst} | Rest],
ValidationState,
@@ -587,7 +576,6 @@ validate_extensions(OtpCert, [#'Extension'{extnID = ?'id-ce-nameConstraints',
validate_extensions(OtpCert, Rest, NewValidationState, ExistBasicCon,
SelfSigned, UserState, VerifyFun);
-
validate_extensions(OtpCert, [#'Extension'{extnID = ?'id-ce-certificatePolicies',
critical = true} = Ext| Rest], ValidationState,
ExistBasicCon, SelfSigned, UserState0, VerifyFun) ->
@@ -648,13 +636,13 @@ is_valid_key_usage(KeyUse, Use) ->
lists:member(Use, KeyUse).
validate_subject_alt_names([]) ->
- true;
+ false;
validate_subject_alt_names([AltName | Rest]) ->
case is_valid_subject_alt_name(AltName) of
true ->
- validate_subject_alt_names(Rest);
+ true;
false ->
- false
+ validate_subject_alt_names(Rest)
end.
is_valid_subject_alt_name({Name, Value}) when Name == rfc822Name;
@@ -682,6 +670,8 @@ is_valid_subject_alt_name({directoryName, _}) ->
true;
is_valid_subject_alt_name({_, [_|_]}) ->
true;
+is_valid_subject_alt_name({otherName, #'AnotherName'{}}) ->
+ false;
is_valid_subject_alt_name({_, _}) ->
false.
diff --git a/lib/public_key/src/public_key.erl b/lib/public_key/src/public_key.erl
index 68bf04eeff..9c7817fa8e 100644
--- a/lib/public_key/src/public_key.erl
+++ b/lib/public_key/src/public_key.erl
@@ -539,6 +539,7 @@ validate(DerCert, #path_validation_state{working_issuer_name = Issuer,
user_state = UserState0,
verify_fun = VerifyFun} =
ValidationState0) ->
+
OtpCert = pkix_decode_cert(DerCert, otp),
UserState1 = pubkey_cert:validate_time(OtpCert, UserState0, VerifyFun),
@@ -556,10 +557,12 @@ validate(DerCert, #path_validation_state{working_issuer_name = Issuer,
%% We want the key_usage extension to be checked before we validate
%% the signature.
- UserState = pubkey_cert:validate_signature(OtpCert, DerCert,
+ UserState0 = pubkey_cert:validate_signature(OtpCert, DerCert,
Key, KeyParams, UserState5, VerifyFun),
+ UserState = pubkey_cert:verify_fun(OtpCert, valid, UserState0, VerifyFun),
ValidationState =
ValidationState1#path_validation_state{user_state = UserState},
+
pubkey_cert:prepare_for_next_cert(OtpCert, ValidationState).
sized_binary(Binary) when is_binary(Binary) ->
diff --git a/lib/public_key/test/public_key_SUITE.erl b/lib/public_key/test/public_key_SUITE.erl
index 46b8c3db8b..ea6a925139 100644
--- a/lib/public_key/test/public_key_SUITE.erl
+++ b/lib/public_key/test/public_key_SUITE.erl
@@ -377,7 +377,9 @@ pkix_path_validation(Config) when is_list(Config) ->
(_,{bad_cert, _} = Reason, _) ->
{fail, Reason};
(_,{extension, _}, UserState) ->
- {unknown, UserState}
+ {unknown, UserState};
+ (_, valid, UserState) ->
+ {valid, UserState}
end, []},
{ok, _} =
public_key:pkix_path_validation(Trusted, [Cert1, Cert3,Cert4],
@@ -392,7 +394,9 @@ pkix_path_validation(Config) when is_list(Config) ->
(_,{bad_cert, _} = Reason, _) ->
{fail, Reason};
(_,{extension, _}, UserState) ->
- {unknown, UserState}
+ {unknown, UserState};
+ (_, valid, UserState) ->
+ {valid, UserState}
end, []},
{ok, _} =
diff --git a/lib/ssl/doc/src/ssl.xml b/lib/ssl/doc/src/ssl.xml
index 0f3054aec3..d5b7253ef3 100644
--- a/lib/ssl/doc/src/ssl.xml
+++ b/lib/ssl/doc/src/ssl.xml
@@ -202,16 +202,19 @@
<p>The verification fun should be defined as:</p>
<code>
- fun(OtpCert :: #'OtpCertificate'{},
- Event :: {bad_cert, Reason :: atom()} |
- {extension, #'Extension'{}}, InitialUserState :: term()) ->
- {valid, UserState :: term()} | {fail, Reason :: term()} |
- {unknown, UserState :: term()}.
+fun(OtpCert :: #'OtpCertificate'{}, Event :: {bad_cert, Reason :: atom()} |
+ {extension, #'Extension'{}}, InitialUserState :: term()) ->
+ {valid, UserState :: term()} | {fail, Reason :: term()} |
+ {unknown, UserState :: term()}.
</code>
<p>The verify fun will be called during the X509-path
validation when an error or an extension unknown to the ssl
- application is encountered. See
+ application is encountered. Additionally it will be called
+ when a certificate is considered valid by the path validation
+ to allow access to each certificate in the path to the user
+ application.
+ See
<seealso marker="public_key:application">public_key(3)</seealso>
for definition of #'OtpCertificate'{} and #'Extension'{}.</p>
@@ -229,34 +232,32 @@
<p>The default verify_fun option in verify_peer mode:</p>
<code>
- {fun(_,{bad_cert, _} = Reason, _) ->
- {fail, Reason};
- (_,{extension, _}, UserState) ->
- {unknown, UserState}
- end, []}
+{fun(_,{bad_cert, _} = Reason, _) ->
+ {fail, Reason};
+ (_,{extension, _}, UserState) ->
+ {unknown, UserState};
+ (_, valid, UserState) ->
+ {valid, UserState}
+ end, []}
</code>
<p>The default verify_fun option in verify_none mode:</p>
<code>
- {fun(_,{bad_cert, unknown_ca}, UserState) ->
- {valid, UserState};
- (_,{bad_cert, _} = Reason, _) ->
- {fail, Reason};
- (_,{extension, _}, UserState) ->
- {unknown, UserState}
- end, []}
+{fun(_,{bad_cert, unknown_ca}, UserState) ->
+ {valid, UserState};
+ (_,{bad_cert, _} = Reason, _) ->
+ {fail, Reason};
+ (_,{extension, _}, UserState) ->
+ {unknown, UserState};
+ (_, valid, UserState) ->
+ {valid, UserState}
+ end, []}
</code>
- <p> Possible path validation errors:
- {bad_cert, cert_expired},
- {bad_cert, invalid_issuer},
- {bad_cert, invalid_signature},
- {bad_cert, unknown_ca},
- {bad_cert, name_not_permitted},
- {bad_cert, missing_basic_constraint},
- {bad_cert, invalid_key_usage},
- {bad_cert, invalid_subject_altname}</p>
+<p>Possible path validation errors: </p>
+
+<p> {bad_cert, cert_expired}, {bad_cert, invalid_issuer}, {bad_cert, invalid_signature}, {bad_cert, unknown_ca}, {bad_cert, name_not_permitted}, {bad_cert, missing_basic_constraint}, {bad_cert, invalid_key_usage}</p>
</item>
</taglist>
diff --git a/lib/ssl/src/ssl.erl b/lib/ssl/src/ssl.erl
index cc01b35b64..12dffb413c 100644
--- a/lib/ssl/src/ssl.erl
+++ b/lib/ssl/src/ssl.erl
@@ -535,7 +535,9 @@ handle_options(Opts0, _Role) ->
(_,{bad_cert, _} = Reason, _) ->
{fail, Reason};
(_,{extension, _}, UserState) ->
- {unknown, UserState}
+ {unknown, UserState};
+ (_, valid, UserState) ->
+ {valid, UserState}
end, []},
UserFailIfNoPeerCert = handle_option(fail_if_no_peer_cert, Opts, false),
@@ -631,7 +633,9 @@ validate_option(verify_fun, Fun) when is_function(Fun) ->
{fail, Reason}
end;
(_,{extension, _}, UserState) ->
- {unknown, UserState}
+ {unknown, UserState};
+ (_, valid, UserState) ->
+ {valid, UserState}
end, Fun};
validate_option(verify_fun, {Fun, _} = Value) when is_function(Fun) ->
Value;
diff --git a/lib/ssl/src/ssl_certificate.erl b/lib/ssl/src/ssl_certificate.erl
index 6cf57ced81..206024315e 100644
--- a/lib/ssl/src/ssl_certificate.erl
+++ b/lib/ssl/src/ssl_certificate.erl
@@ -34,7 +34,6 @@
-export([trusted_cert_and_path/2,
certificate_chain/2,
file_to_certificats/1,
- %validate_extensions/6,
validate_extension/3,
is_valid_extkey_usage/2,
is_valid_key_usage/2,
@@ -118,8 +117,7 @@ file_to_certificats(File) ->
%% Description: Validates ssl/tls specific extensions
%%--------------------------------------------------------------------
validate_extension(_,{extension, #'Extension'{extnID = ?'id-ce-extKeyUsage',
- extnValue = KeyUse,
- critical = true}}, Role) ->
+ extnValue = KeyUse}}, Role) ->
case is_valid_extkey_usage(KeyUse, Role) of
true ->
{valid, Role};
@@ -128,8 +126,10 @@ validate_extension(_,{extension, #'Extension'{extnID = ?'id-ce-extKeyUsage',
end;
validate_extension(_, {bad_cert, _} = Reason, _) ->
{fail, Reason};
-validate_extension(_, _, Role) ->
- {unknown, Role}.
+validate_extension(_, {extension, _}, Role) ->
+ {unknown, Role};
+validate_extension(_, valid, Role) ->
+ {valid, Role}.
%%--------------------------------------------------------------------
-spec is_valid_key_usage(list(), term()) -> boolean().
diff --git a/lib/ssl/test/ssl_basic_SUITE.erl b/lib/ssl/test/ssl_basic_SUITE.erl
index 1e96880801..3cb9337775 100644
--- a/lib/ssl/test/ssl_basic_SUITE.erl
+++ b/lib/ssl/test/ssl_basic_SUITE.erl
@@ -2860,7 +2860,9 @@ unknown_server_ca_fail(Config) when is_list(Config) ->
FunAndState = {fun(_,{bad_cert, _} = Reason, _) ->
{fail, Reason};
(_,{extension, _}, UserState) ->
- {unknown, UserState}
+ {unknown, UserState};
+ (_, valid, UserState) ->
+ {valid, UserState}
end, []},
Client = ssl_test_lib:start_client_error([{node, ClientNode}, {port, Port},
@@ -2926,7 +2928,9 @@ unknown_server_ca_accept_verify_peer(Config) when is_list(Config) ->
(_,{bad_cert, _} = Reason, _) ->
{fail, Reason};
(_,{extension, _}, UserState) ->
- {unknown, UserState}
+ {unknown, UserState};
+ (_, valid, UserState) ->
+ {valid, UserState}
end, []},
Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
@@ -3095,7 +3099,7 @@ session_cache_process_mnesia(suite) ->
session_cache_process_mnesia(Config) when is_list(Config) ->
session_cache_process(mnesia,Config).
-session_cache_process(Type,Config) when is_list(Config) ->
+session_cache_process(_Type,Config) when is_list(Config) ->
reuse_session(Config).
init([Type]) ->