From 4dbf3c9e4ae7cfd19b247353369166d31b8f15e5 Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Mon, 17 Jan 2011 11:24:19 +0100 Subject: Verification of a critical extended_key_usage-extension corrected When a verify fun is supplied, it should not be called to verify the extended_key_usage-extension when it is already verified by the ssl_certificate:validate_extension/2 --- lib/ssl/src/ssl_handshake.erl | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) (limited to 'lib/ssl/src/ssl_handshake.erl') diff --git a/lib/ssl/src/ssl_handshake.erl b/lib/ssl/src/ssl_handshake.erl index 125c28b373..1f4c44d115 100644 --- a/lib/ssl/src/ssl_handshake.erl +++ b/lib/ssl/src/ssl_handshake.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2007-2010. All Rights Reserved. +%% Copyright Ericsson AB 2007-2011. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in @@ -194,14 +194,12 @@ certify(#certificate{asn1_certificates = ASN1Certs}, CertDbRef, {fun(OtpCert, ExtensionOrError, {SslState, UserState}) -> case ssl_certificate:validate_extension(OtpCert, ExtensionOrError, - SslState) of - {valid, _} -> - apply_user_fun(Fun, OtpCert, - ExtensionOrError, UserState, - SslState); - {fail, Reason} -> - apply_user_fun(Fun, OtpCert, Reason, UserState, - SslState); + SslState) of + {valid, NewSslState} -> + {valid, {NewSslState, UserState}}; + {fail, Reason} -> + apply_user_fun(Fun, OtpCert, Reason, UserState, + SslState); {unknown, _} -> apply_user_fun(Fun, OtpCert, ExtensionOrError, UserState, SslState) -- cgit v1.2.3