From 6cced538abd4f8053c009b163efa8c6d568b9580 Mon Sep 17 00:00:00 2001
From: Ingela Anderton Andin <ingela@erlang.org>
Date: Thu, 9 Sep 2010 17:07:22 +0200
Subject: Improved certificate extension handling

Added the functionality so that the verification fun will be called
when a certificate is considered valid by the path validation to allow
access to eachs certificate in the path to the user application.

Removed clause that only check that a extension is not critical,
it does alter the verification rusult only withholds information from
the application.

Try to verify subject-AltName, if unable to verify it let
application try.
---
 lib/public_key/include/public_key.hrl | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'lib/public_key/include/public_key.hrl')

diff --git a/lib/public_key/include/public_key.hrl b/lib/public_key/include/public_key.hrl
index 82681502ab..a16eb10fe6 100644
--- a/lib/public_key/include/public_key.hrl
+++ b/lib/public_key/include/public_key.hrl
@@ -31,8 +31,10 @@
 -define(DEFAULT_VERIFYFUN,
 	{fun(_,{bad_cert, _} = Reason, _) ->
 		 {fail, Reason};
-	   (_,{extension, _}, UserState) ->
-		 {unknown, UserState}
+	    (_,{extension, _}, UserState) ->
+		 {unknown, UserState};
+	    (_, valid, UserState) ->
+		 {valid, UserState}
 	 end, []}).
 
 -record(path_validation_state, {
-- 
cgit v1.2.3