author | Ingela Andin <ingela@erlang.org> | 2020-05-26 16:11:33 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-05-26 16:11:33 +0200 |
commit | 733eb415e8ae2234861ec2ed0a9d1bd4ca2cb858 (patch) | |
tree | 9daa28b06dc4ff6e5a2f152ba1fcb15ebe7701a6 | |
parent | f80e7e40f194243f788a8e47fdfc9e9826cc1072 (diff) | |
parent | b756880e6bb3c56c20e7c9ad8325ef2c75628552 (diff) | |
download | erlang-733eb415e8ae2234861ec2ed0a9d1bd4ca2cb858.tar.gz |
Merge pull request #2635 from sircinek/user-defined-tls-alert-for-selfsigned-cert
Enable User defined TLS alert for selfsigned cert
OTP-16592
-rw-r--r-- | lib/public_key/doc/src/public_key.xml | 4 | ||||
-rw-r--r-- | lib/public_key/src/public_key.erl | 4 | ||||
-rw-r--r-- | lib/public_key/test/public_key_SUITE.erl | 13 |
3 files changed, 19 insertions, 2 deletions
diff --git a/lib/public_key/doc/src/public_key.xml b/lib/public_key/doc/src/public_key.xml index 8a6d0e84ca..3e72f88894 100644 --- a/lib/public_key/doc/src/public_key.xml +++ b/lib/public_key/doc/src/public_key.xml @@ -450,6 +450,10 @@ fun(OtpCert :: #'OTPCertificate'{}, verifying application-specific extensions. If called with an extension unknown to the user application, the return value <c>{unknown, UserState}</c> is to be used.</p> + <warning><p> + Note that user defined custom <c>verify_fun</c> may alter original + path validation error (e.g <c>selfsigned_peer</c>). Use with caution. + </p></warning> </item> <tag>{max_path_length, integer()}</tag> diff --git a/lib/public_key/src/public_key.erl b/lib/public_key/src/public_key.erl index 117ae613cc..e1f5f7576e 100644 --- a/lib/public_key/src/public_key.erl +++ b/lib/public_key/src/public_key.erl @@ -962,8 +962,8 @@ pkix_path_validation(PathErr, [Cert | Chain], Options0) when is_atom(PathErr)-> Options = proplists:delete(verify_fun, Options0), pkix_path_validation(Otpcert, Chain, [{verify_fun, {VerifyFun, Userstate}}| Options]); - {fail, _} -> - {error, Reason} + {fail, UserReason} -> + {error, UserReason} catch _:_ -> {error, Reason} diff --git a/lib/public_key/test/public_key_SUITE.erl b/lib/public_key/test/public_key_SUITE.erl index f183e92eaf..3b2f1b7184 100644 --- a/lib/public_key/test/public_key_SUITE.erl +++ b/lib/public_key/test/public_key_SUITE.erl 
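Review bot: In `lib/public_key/src/public_key.erl` the `{fail, UserReason}` branch now returns whatever term the user-supplied `verify_fun` produces, so `{error, UserReason}` no longer has to match the shape of the `{error, Reason}` still returned by the `catch _:_` branch directly below it. The test added in this commit shows a bare atom (`custom_reason`) coming back. Callers that pattern-match the error or translate it into a TLS alert presumably need a fallback for unknown terms, which should be confirmed outside this hunk. I would add a comment above the branch, `%% UserReason is returned unmodified: verify_fun chooses the error term, so callers must tolerate arbitrary reasons`, and state the same for the return value in the function's documentation. The function head and the binding of `Reason` lie outside the hunk, so the original error shape is not visible here.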
@@ -631,6 +631,19 @@ pkix_path_validation(Config) when is_list(Config) -> {ok, _} = public_key:pkix_path_validation(unknown_ca, [Cert1], [{verify_fun, VerifyFunAndState1}]), + + VerifyFunAndState2 = + {fun(_, {bad_cert, selfsigned_peer}, _UserState) -> + {fail, custom_reason}; + (_,{extension, _}, UserState) -> + {unknown, UserState}; + (_, valid, UserState) -> + {valid, UserState} + end, []}, + + {error, custom_reason} = + public_key:pkix_path_validation(selfsigned_peer, [Trusted], [{verify_fun, + VerifyFunAndState2}]), ok. %%-------------------------------------------------------------------- |
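Review bot: The new case covers only the `{fail, custom_reason}` return; the `catch _:_` fallback for a `verify_fun` that raises is not exercised, and that is the path that keeps validation failing closed when user code crashes. I would add a second assertion with a raising fun, for example `{error, _} = public_key:pkix_path_validation(selfsigned_peer, [Trusted], [{verify_fun, {fun(_, _, _) -> error(crash) end, []}}]),`, tightening `_` to the original path error once its shape is confirmed. The enclosing test function starts before the hunk.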