From 044f622ac3759001b0fa100e7dc5ab378caa4c72 Mon Sep 17 00:00:00 2001
From: Ingela Anderton Andin <ingela@erlang.org>
Date: Fri, 17 Sep 2010 17:06:46 +0200
Subject: Handling of DSA key parameters

DSS-Params  may be null in a certificate as it can inherit the
parameters.

Also ignore CA-certs that do not follow ASN-1 spec in RFC 5280.
---
 lib/ssl/src/ssl_certificate_db.erl | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

(limited to 'lib/ssl/src')

diff --git a/lib/ssl/src/ssl_certificate_db.erl b/lib/ssl/src/ssl_certificate_db.erl
index 86477f369d..39d9847e3b 100644
--- a/lib/ssl/src/ssl_certificate_db.erl
+++ b/lib/ssl/src/ssl_certificate_db.erl
@@ -216,9 +216,15 @@ add_certs_from_file(File, Ref, CertsDb) ->
     [Add(Cert) || {'Certificate', Cert, not_encrypted} <- PemEntries].
     
 add_certs(Cert, Ref, CertsDb) ->
-    ErlCert = public_key:pkix_decode_cert(Cert, otp),
-    TBSCertificate = ErlCert#'OTPCertificate'.tbsCertificate,
-    SerialNumber = TBSCertificate#'OTPTBSCertificate'.serialNumber,
-    Issuer = public_key:pkix_normalize_name(
-	       TBSCertificate#'OTPTBSCertificate'.issuer),
-    insert({Ref, SerialNumber, Issuer}, {Cert,ErlCert}, CertsDb).
+    try  ErlCert = public_key:pkix_decode_cert(Cert, otp),
+	 TBSCertificate = ErlCert#'OTPCertificate'.tbsCertificate,
+	 SerialNumber = TBSCertificate#'OTPTBSCertificate'.serialNumber,
+	 Issuer = public_key:pkix_normalize_name(
+		    TBSCertificate#'OTPTBSCertificate'.issuer),
+	 insert({Ref, SerialNumber, Issuer}, {Cert,ErlCert}, CertsDb)
+    catch
+	error:Reason ->
+	    Report = io_lib:format("SSL WARNING: Ignoring CA cert: ~p~n Due to decoding error:~p ~n",
+				   [Cert, Reason]),
+	    error_logger:info_report(Report)
+    end.
-- 
cgit v1.2.3