From b0c245e8132bb13171e277b1af59c0cec00c9459 Mon Sep 17 00:00:00 2001
From: Hans Nilsson
Date: Mon, 19 Dec 2016 18:26:01 +0100
Subject: public_key: pkix_verify_hostname (RFC 6125)
---
 lib/public_key/doc/src/public_key.xml | 33 +++++++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)
(limited to 'lib/public_key/doc/src/public_key.xml')
diff --git a/lib/public_key/doc/src/public_key.xml b/lib/public_key/doc/src/public_key.xml
index c503230d70..37aa05e0fd 100644
--- a/lib/public_key/doc/src/public_key.xml
+++ b/lib/public_key/doc/src/public_key.xml
@@ -756,6 +756,39 @@ fun(#'DistributionPoint'{}, #'CertificateList'{},
+
+ pkix_verify_hostname(Cert, ReferenceIDs) -> boolean()
+ pkix_verify_hostname(Cert, ReferenceIDs, Opts) -> boolean()
+ Verifies that a PKIX x.509 certificate presented identifier (e.g hostname) is
+ an expected one.
+
+ Cert = der_encoded() | #'OTPCertificate'{}
+ ReferenceIDs = [ RefID ]
+ RefID = {IdType,string()}
+ IdType = dns_id | srv_id | uri_id
+ Opts = [ PvhOpt() ]
+ PvhOpt = [MatchOpt | FailCallBackOpt | FqdnExtractOpt]
+ MatchOpt = {fun(RefId | FQDN::string(), PresentedID) -> boolean() | default}
+ PresentedID = {dNSName,string()} | {uniformResourceIdentifier,string()}
+ FailCallBackOpt = {fail_callback, fun(#'OTPCertificate'{}) -> boolean()}
+ FqdnExtractOpt = {fqdn_fun, fun(RefID) -> FQDN::string() | default | undefined}
+
+

This function checks that the Presented Identifier (e.g hostname) in a peer certificate
+ conforms with the Expected Identifier that the client wants to connect to.
+ This functions is intended to be added as an extra client check to the peer certificate when performing
+ public_key:pkix_path_validation/3

+

See RFC 6125
+ for detailed information about hostname verification.
+ The User's Manual
+ and
+ code examples
+ describes this function more detailed.

+
+
+
+
 sign(Msg, DigestType, Key) -> binary() Creates a digital signature.
-- cgit v1.2.3