From 3514f176a55db0c9052c3857c6fcba35726945dc Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Fri, 16 Jun 2017 15:38:06 +0200 Subject: ssl,public_key: Provide details for CRL check failiures when revokation state can not be determined --- lib/public_key/doc/src/public_key.xml | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) (limited to 'lib/public_key/doc/src') diff --git a/lib/public_key/doc/src/public_key.xml b/lib/public_key/doc/src/public_key.xml index 04966ffb9c..8d4191d112 100644 --- a/lib/public_key/doc/src/public_key.xml +++ b/lib/public_key/doc/src/public_key.xml @@ -621,8 +621,8 @@ fun(OtpCert :: #'OTPCertificate'{}, OTPCertificate = #'OTPCertificate'{} DPAndCRLs = [{DP::#'DistributionPoint'{}, {DerCRL::der_encoded(), CRL::#'CertificateList'{}}}] Options = proplists:proplist() - CRLStatus() = valid | {bad_cert, revocation_status_undetermined} | - {bad_cert, {revoked, crl_reason()}} + CRLStatus() = valid | {bad_cert, revocation_status_undetermined} | {bad_cert, {revocation_status_undetermined, + {bad_crls, Details::term()}}} | {bad_cert, {revoked, crl_reason()}}

Performs CRL validation. It is intended to be called from @@ -650,7 +650,7 @@ fun(OtpCert :: #'OTPCertificate'{}, {issuer_fun, fun()}

The fun has the following type specification:

- + fun(#'DistributionPoint'{}, #'CertificateList'{}, {rdnSequence,[#'AttributeTypeAndValue'{}]}, term()) -> @@ -660,7 +660,15 @@ fun(#'DistributionPoint'{}, #'CertificateList'{}, that has signed the CRL.

fun(DP, CRL, Issuer, UserState) -> {ok, RootCert, CertChain} - + + + {undetermined_details, boolean()} + +

Defaults to false. When revocation status can not be + determined, and this option is set to true, details of why no + CRLs where accepted are included in the return value.

+ + -- cgit v1.2.3