From 6cced538abd4f8053c009b163efa8c6d568b9580 Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Thu, 9 Sep 2010 17:07:22 +0200 Subject: Improved certificate extension handling Added the functionality so that the verification fun will be called when a certificate is considered valid by the path validation to allow access to eachs certificate in the path to the user application. Removed clause that only check that a extension is not critical, it does alter the verification rusult only withholds information from the application. Try to verify subject-AltName, if unable to verify it let application try. --- lib/ssl/src/ssl_certificate.erl | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'lib/ssl/src/ssl_certificate.erl') diff --git a/lib/ssl/src/ssl_certificate.erl b/lib/ssl/src/ssl_certificate.erl index 6cf57ced81..206024315e 100644 --- a/lib/ssl/src/ssl_certificate.erl +++ b/lib/ssl/src/ssl_certificate.erl @@ -34,7 +34,6 @@ -export([trusted_cert_and_path/2, certificate_chain/2, file_to_certificats/1, - %validate_extensions/6, validate_extension/3, is_valid_extkey_usage/2, is_valid_key_usage/2, @@ -118,8 +117,7 @@ file_to_certificats(File) -> %% Description: Validates ssl/tls specific extensions %%-------------------------------------------------------------------- validate_extension(_,{extension, #'Extension'{extnID = ?'id-ce-extKeyUsage', - extnValue = KeyUse, - critical = true}}, Role) -> + extnValue = KeyUse}}, Role) -> case is_valid_extkey_usage(KeyUse, Role) of true -> {valid, Role}; @@ -128,8 +126,10 @@ validate_extension(_,{extension, #'Extension'{extnID = ?'id-ce-extKeyUsage', end; validate_extension(_, {bad_cert, _} = Reason, _) -> {fail, Reason}; -validate_extension(_, _, Role) -> - {unknown, Role}. +validate_extension(_, {extension, _}, Role) -> + {unknown, Role}; +validate_extension(_, valid, Role) -> + {valid, Role}. %%-------------------------------------------------------------------- -spec is_valid_key_usage(list(), term()) -> boolean(). -- cgit v1.2.3