From 8991663e33313233fed9cb7b0149baec1aa32b3f Mon Sep 17 00:00:00 2001 From: Andrew Thompson <andrew@hijacked.us> Date: Thu, 10 Oct 2013 02:23:02 -0400 Subject: Various improvements to CRL handling * Handle v1 CRLs, with no extensions. * Compare the IDP on a CRL correctly, if present * Don't try to double-decode altnames Tests are also included, and the make_certs testing tool in the SSL application has been greatly extended. --- lib/public_key/src/pubkey_cert.erl | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'lib/public_key/src/pubkey_cert.erl') diff --git a/lib/public_key/src/pubkey_cert.erl b/lib/public_key/src/pubkey_cert.erl index d9288e99bb..07469e342f 100644 --- a/lib/public_key/src/pubkey_cert.erl +++ b/lib/public_key/src/pubkey_cert.erl @@ -319,6 +319,8 @@ verify_fun(Otpcert, Result, UserState0, VerifyFun) -> %% %% Description: Extracts a specific extension from a list of extensions. %%-------------------------------------------------------------------- +select_extension(_, asn1_NOVALUE) -> + undefined; select_extension(_, []) -> undefined; select_extension(Id, [#'Extension'{extnID = Id} = Extension | _]) -> @@ -341,8 +343,8 @@ match_name(uniformResourceIdentifier, URI, [PermittedName | Rest]) -> case split_uri(URI) of incomplete -> false; - {_, _, Host, _, _} -> - match_name(fun is_valid_host_or_domain/2, Host, + {_, _, _Host, _, _} -> + match_name(fun is_valid_host_or_domain/2, URI, PermittedName, Rest) end; -- cgit v1.2.3 From 9756dcd97cd819c9b2d64c35dd36550f99600e92 Mon Sep 17 00:00:00 2001 From: Andrew Thompson <andrew@hijacked.us> Date: Sat, 8 Feb 2014 00:58:11 -0500 Subject: Rework IDP validation according to the RFC, fix public_key tests --- lib/public_key/src/pubkey_cert.erl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lib/public_key/src/pubkey_cert.erl') diff --git a/lib/public_key/src/pubkey_cert.erl b/lib/public_key/src/pubkey_cert.erl index 07469e342f..6272fae91b 100644 --- a/lib/public_key/src/pubkey_cert.erl +++ b/lib/public_key/src/pubkey_cert.erl @@ -343,8 +343,8 @@ match_name(uniformResourceIdentifier, URI, [PermittedName | Rest]) -> case split_uri(URI) of incomplete -> false; - {_, _, _Host, _, _} -> - match_name(fun is_valid_host_or_domain/2, URI, + {_, _, Host, _, _} -> + match_name(fun is_valid_host_or_domain/2, Host, PermittedName, Rest) end; -- cgit v1.2.3 From 8c8999af805265704ce0a3029c85a33f4d42c145 Mon Sep 17 00:00:00 2001 From: Hans Nilsson <hans@erlang.org> Date: Fri, 7 Mar 2014 11:04:42 +0100 Subject: ssl, pubkey: Code and test adjustments --- lib/public_key/src/pubkey_cert.erl | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'lib/public_key/src/pubkey_cert.erl') diff --git a/lib/public_key/src/pubkey_cert.erl b/lib/public_key/src/pubkey_cert.erl index 6272fae91b..ae517ca642 100644 --- a/lib/public_key/src/pubkey_cert.erl +++ b/lib/public_key/src/pubkey_cert.erl @@ -344,8 +344,11 @@ match_name(uniformResourceIdentifier, URI, [PermittedName | Rest]) -> incomplete -> false; {_, _, Host, _, _} -> - match_name(fun is_valid_host_or_domain/2, Host, - PermittedName, Rest) + PN = case split_uri(PermittedName) of + {_, _, PNhost, _, _} -> PNhost; + _X -> PermittedName + end, + match_name(fun is_valid_host_or_domain/2, Host, PN, Rest) end; match_name(emailAddress, Name, [PermittedName | Rest]) -> -- cgit v1.2.3