From 8991663e33313233fed9cb7b0149baec1aa32b3f Mon Sep 17 00:00:00 2001
From: Andrew Thompson <andrew@hijacked.us>
Date: Thu, 10 Oct 2013 02:23:02 -0400
Subject: Various improvements to CRL handling

* Handle v1 CRLs, with no extensions.
* Compare the IDP on a CRL correctly, if present
* Don't try to double-decode altnames

Tests are also included, and the make_certs testing tool in the SSL
application has been greatly extended.
---
 lib/public_key/src/pubkey_cert.erl | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'lib/public_key/src/pubkey_cert.erl')

diff --git a/lib/public_key/src/pubkey_cert.erl b/lib/public_key/src/pubkey_cert.erl
index d9288e99bb..07469e342f 100644
--- a/lib/public_key/src/pubkey_cert.erl
+++ b/lib/public_key/src/pubkey_cert.erl
@@ -319,6 +319,8 @@ verify_fun(Otpcert, Result, UserState0, VerifyFun) ->
 %%
 %% Description: Extracts a specific extension from a list of extensions.
 %%--------------------------------------------------------------------
+select_extension(_, asn1_NOVALUE) ->
+    undefined;
 select_extension(_, []) ->
     undefined;
 select_extension(Id, [#'Extension'{extnID = Id} = Extension | _]) ->
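Review bot: The header comment above the new clause still describes the second argument as "a list of extensions", but the added clause also accepts the atom `asn1_NOVALUE`. I would extend the description with something like `%% Also accepts asn1_NOVALUE (extensions field absent, e.g. a v1 CRL) and returns undefined.` The function's -spec is outside this hunk, so check that it admits the atom; otherwise Dialyzer may flag the new callers. It is also worth confirming that callers treat `undefined` from an absent extensions field the same way as `undefined` from a list that lacks the extension. The remaining clauses of select_extension continue past the hunk.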
@@ -341,8 +343,8 @@ match_name(uniformResourceIdentifier, URI,  [PermittedName | Rest]) ->
     case split_uri(URI) of
 	incomplete ->
 	    false;
-	{_, _, Host, _, _} ->
-	    match_name(fun is_valid_host_or_domain/2, Host,
+	{_, _, _Host, _, _} ->
+	    match_name(fun is_valid_host_or_domain/2, URI,
 		       PermittedName, Rest)
     end;
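Review bot: The new call passes the whole `URI` to `is_valid_host_or_domain/2`, while the host that `split_uri/1` just extracted is bound as `_Host` and discarded. The name-constraint comparison therefore sees scheme, port and path as well as the host. RFC 5280 section 4.2.1.10 applies a URI constraint to the host part only, and the commit message does not explain the switch. Depending on how `is_valid_host_or_domain/2` compares (not visible here), this could reject valid names or accept ones the constraint should exclude. I would keep `{_, _, Host, _, _} ->` with `match_name(fun is_valid_host_or_domain/2, Host,` and add a test that checks a URI subjectAltName against a host constraint; the clause head and match_name/4 lie outside the hunk.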
 
-- 
cgit v1.2.3


From 9756dcd97cd819c9b2d64c35dd36550f99600e92 Mon Sep 17 00:00:00 2001
From: Andrew Thompson <andrew@hijacked.us>
Date: Sat, 8 Feb 2014 00:58:11 -0500
Subject: Rework IDP validation according to the RFC, fix public_key tests

---
 lib/public_key/src/pubkey_cert.erl | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'lib/public_key/src/pubkey_cert.erl')

diff --git a/lib/public_key/src/pubkey_cert.erl b/lib/public_key/src/pubkey_cert.erl
index 07469e342f..6272fae91b 100644
--- a/lib/public_key/src/pubkey_cert.erl
+++ b/lib/public_key/src/pubkey_cert.erl
@@ -343,8 +343,8 @@ match_name(uniformResourceIdentifier, URI,  [PermittedName | Rest]) ->
     case split_uri(URI) of
 	incomplete ->
 	    false;
-	{_, _, _Host, _, _} ->
-	    match_name(fun is_valid_host_or_domain/2, URI,
+	{_, _, Host, _, _} ->
+	    match_name(fun is_valid_host_or_domain/2, Host,
 		       PermittedName, Rest)
     end;
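Review bot: Nothing in the restored branch records why `Host` rather than `URI` is compared, and this pair of lines has now flipped in two consecutive commits. A one-line comment above the call, such as `%% RFC 5280 4.2.1.10: a URI name constraint applies to the host part only`, would guard against it being changed back. The subject mentions fixing public_key tests, but this page is limited to pubkey_cert.erl, so I cannot tell whether a URI-versus-host-constraint case pins the behaviour; if not, it should be added.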
 
-- 
cgit v1.2.3


From 8c8999af805265704ce0a3029c85a33f4d42c145 Mon Sep 17 00:00:00 2001
From: Hans Nilsson <hans@erlang.org>
Date: Fri, 7 Mar 2014 11:04:42 +0100
Subject: ssl, pubkey: Code and test adjustments

---
 lib/public_key/src/pubkey_cert.erl | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

(limited to 'lib/public_key/src/pubkey_cert.erl')

diff --git a/lib/public_key/src/pubkey_cert.erl b/lib/public_key/src/pubkey_cert.erl
index 6272fae91b..ae517ca642 100644
--- a/lib/public_key/src/pubkey_cert.erl
+++ b/lib/public_key/src/pubkey_cert.erl
@@ -344,8 +344,11 @@ match_name(uniformResourceIdentifier, URI,  [PermittedName | Rest]) ->
 	incomplete ->
 	    false;
 	{_, _, Host, _, _} ->
-	    match_name(fun is_valid_host_or_domain/2, Host,
-		       PermittedName, Rest)
+	    PN = case split_uri(PermittedName) of
+		     {_, _, PNhost, _, _} -> PNhost;
+		     _X -> PermittedName
+		 end,
+	    match_name(fun is_valid_host_or_domain/2, Host, PN, Rest)
     end;
 
 match_name(emailAddress, Name, [PermittedName | Rest]) ->
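Review bot: Only the head `PermittedName` is reduced to its host before the comparison; `Rest` is handed to match_name/4 unchanged. If match_name/4 walks `Rest` with the same fun (its body is not visible here), later URI-form constraints are compared against `Host` unnormalized and the result depends on list order. Normalizing every entry would fix that, for example by mapping one small host-or-self helper over `[PermittedName | Rest]` before the call. Separately, `_X -> PermittedName` is a catch-all that hides any unexpected `split_uri/1` result; the sibling case above shows `incomplete` as the failure value, so `incomplete -> PermittedName` would be more explicit. It also deserves a comment that a URI-form constraint is silently reduced to its host, which drops any scheme or path the constraint's author wrote.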
-- 
cgit v1.2.3