From f5d3597bcaff3109f0b9b1bd8b5d661bb04bb1e4 Mon Sep 17 00:00:00 2001
From: Ingela Anderton Andin <ingela@erlang.org>
Date: Thu, 23 Sep 2010 14:03:08 +0200
Subject: Better handling of v1 and v2 certificates.

V1 and v2 certificates does not have any extensions
so then validate_extensions should just accept that
there are none and not end up in missing_basic_constraints clause.
---
 lib/public_key/src/pubkey_cert.erl | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

(limited to 'lib/public_key')

diff --git a/lib/public_key/src/pubkey_cert.erl b/lib/public_key/src/pubkey_cert.erl
index e704c168f1..f3e32617af 100644
--- a/lib/public_key/src/pubkey_cert.erl
+++ b/lib/public_key/src/pubkey_cert.erl
@@ -223,10 +223,15 @@ validate_revoked_status(_OtpCert, UserState, _VerifyFun) ->
 %%--------------------------------------------------------------------	
 validate_extensions(OtpCert, ValidationState, UserState, VerifyFun) ->
     TBSCert = OtpCert#'OTPCertificate'.tbsCertificate,
-    Extensions = TBSCert#'OTPTBSCertificate'.extensions,
-    validate_extensions(OtpCert, Extensions, ValidationState, no_basic_constraint,
-			is_self_signed(OtpCert), UserState, VerifyFun).
-
+    case TBSCert#'OTPTBSCertificate'.version of
+	N when N >= 3 ->
+	    Extensions = TBSCert#'OTPTBSCertificate'.extensions,
+	    validate_extensions(OtpCert, Extensions,
+				ValidationState, no_basic_constraint,
+				is_self_signed(OtpCert), UserState, VerifyFun);
+	_ -> %% Extensions not present in versions 1 & 2
+	    {ValidationState, UserState}
+    end.
 %%--------------------------------------------------------------------
 -spec normalize_general_name({rdnSequence, term()}) -> {rdnSequence, term()}. 
 %%
-- 
cgit v1.2.3