diff options
author | Ingela Anderton Andin <ingela@erlang.org> | 2021-06-01 09:11:19 +0200 |
---|---|---|
committer | Ingela Anderton Andin <ingela@erlang.org> | 2021-06-11 11:26:03 +0200 |
commit | 8fe55f4ff98dfe66da320f60a62c20daf46bd789 (patch) | |
tree | 3512ff8d0061abe12d5177d2487a00da315d4970 /lib/public_key/src/public_key.erl | |
parent | a23364516485d7320b18c1285ac3a9df551c93b5 (diff) | |
download | erlang-8fe55f4ff98dfe66da320f60a62c20daf46bd789.tar.gz |
public_key: Allow verify_fun to alter expire reason
This allows applications to distinguish between a trusted anchor cert
expiration and a normal cert expiration
Diffstat (limited to 'lib/public_key/src/public_key.erl')
-rw-r--r-- | lib/public_key/src/public_key.erl | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/lib/public_key/src/public_key.erl b/lib/public_key/src/public_key.erl index 44031af11b..23883b6a39 100644 --- a/lib/public_key/src/public_key.erl +++ b/lib/public_key/src/public_key.erl @@ -1110,18 +1110,18 @@ pkix_path_validation(TrustedCert, CertChain, Options) pkix_path_validation(#'OTPCertificate'{} = TrustedCert, CertChain, Options) when is_list(CertChain), is_list(Options) -> MaxPathDefault = length(CertChain), - {VerifyFun, Userstat0} = + {VerifyFun, UserState0} = proplists:get_value(verify_fun, Options, ?DEFAULT_VERIFYFUN), - try pubkey_cert:validate_time(TrustedCert, Userstat0, VerifyFun) of - Userstate1 -> + try pubkey_cert:validate_time(TrustedCert, UserState0, VerifyFun) of + UserState1 -> ValidationState = pubkey_cert:init_validation_state(TrustedCert, MaxPathDefault, - [{verify_fun, {VerifyFun, Userstate1}} | + [{verify_fun, {VerifyFun, UserState1}} | proplists:delete(verify_fun, Options)]), path_validation(CertChain, ValidationState) catch - throw:{bad_cert, cert_expired} = Reason -> - {error, Reason} + throw:{bad_cert, _} = Result -> + {error, Result} end. %-------------------------------------------------------------------- |