From 14522f25b9e8944ca427cac61b029e521fe321c6 Mon Sep 17 00:00:00 2001
From: Ingela Anderton Andin <ingela@erlang.org>
Date: Fri, 20 Jan 2017 14:49:24 +0100
Subject: ssl: Handle more than one DistributionPoint

---
 lib/ssl/src/ssl_crl.erl       |  2 +-
 lib/ssl/src/ssl_handshake.erl | 13 ++++++++++---
 2 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/lib/ssl/src/ssl_crl.erl b/lib/ssl/src/ssl_crl.erl
index fc60bdba67..0aaa1abb06 100644
--- a/lib/ssl/src/ssl_crl.erl
+++ b/lib/ssl/src/ssl_crl.erl
@@ -44,7 +44,7 @@ trusted_cert_and_path(CRL, issuer_not_found, {Db, DbRef} = DbHandle) ->
 	    {ok, Root, Chain} = ssl_certificate:certificate_chain(OtpCert, Db, DbRef),
 	    {ok, Root, lists:reverse(Chain)};
 	{error, issuer_not_found} ->
-	    {ok, unknown_crl_ca, []}
+	    {error, unknown_ca_crl}
     end.
 
 find_issuer(CRL, {Db,DbRef}) ->
diff --git a/lib/ssl/src/ssl_handshake.erl b/lib/ssl/src/ssl_handshake.erl
index 4acc745c5f..5ab062992c 100644
--- a/lib/ssl/src/ssl_handshake.erl
+++ b/lib/ssl/src/ssl_handshake.erl
@@ -2229,7 +2229,8 @@ dps_and_crls(OtpCert, Callback, CRLDbHandle, ext) ->
 	    no_dps;
 	DistPoints ->
 	    Issuer = OtpCert#'OTPCertificate'.tbsCertificate#'OTPTBSCertificate'.issuer,
-	    distpoints_lookup(DistPoints, Issuer, Callback, CRLDbHandle)
+	    CRLs = distpoints_lookup(DistPoints, Issuer, Callback, CRLDbHandle),
+            dps_and_crls(DistPoints, CRLs, [])
     end;
 
 dps_and_crls(OtpCert, Callback, CRLDbHandle, same_issuer) ->    
@@ -2242,7 +2243,13 @@ dps_and_crls(OtpCert, Callback, CRLDbHandle, same_issuer) ->
 			 end, GenNames),
     [{DP, {CRL, public_key:der_decode('CertificateList', CRL)}} ||  CRL <- CRLs].
 
-distpoints_lookup([], _, _, _) ->
+dps_and_crls([], _, Acc) ->
+    Acc;
+dps_and_crls([DP | Rest], CRLs, Acc) ->
+    DpCRL = [{DP, {CRL, public_key:der_decode('CertificateList', CRL)}} ||  CRL <- CRLs],
+    dps_and_crls(Rest, CRLs, DpCRL ++ Acc).
+    
+distpoints_lookup([],_, _, _) ->
     [];
 distpoints_lookup([DistPoint | Rest], Issuer, Callback, CRLDbHandle) ->
     Result =
@@ -2257,7 +2264,7 @@ distpoints_lookup([DistPoint | Rest], Issuer, Callback, CRLDbHandle) ->
 	not_available ->
 	    distpoints_lookup(Rest, Issuer, Callback, CRLDbHandle);
 	CRLs ->
-	    [{DistPoint, {CRL, public_key:der_decode('CertificateList', CRL)}} ||  CRL <- CRLs]
+	    CRLs
     end.	
 
 sign_algo(?rsaEncryption) ->
-- 
cgit v1.2.3