From 8fe55f4ff98dfe66da320f60a62c20daf46bd789 Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Tue, 1 Jun 2021 09:11:19 +0200 Subject: public_key: Allow verify_fun to alter expire reason This allows applications to distinguish between a trusted anchor cert expiration and a normal cert expiration --- lib/public_key/src/public_key.erl | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'lib/public_key/src/public_key.erl') diff --git a/lib/public_key/src/public_key.erl b/lib/public_key/src/public_key.erl index 44031af11b..23883b6a39 100644 --- a/lib/public_key/src/public_key.erl +++ b/lib/public_key/src/public_key.erl @@ -1110,18 +1110,18 @@ pkix_path_validation(TrustedCert, CertChain, Options) pkix_path_validation(#'OTPCertificate'{} = TrustedCert, CertChain, Options) when is_list(CertChain), is_list(Options) -> MaxPathDefault = length(CertChain), - {VerifyFun, Userstat0} = + {VerifyFun, UserState0} = proplists:get_value(verify_fun, Options, ?DEFAULT_VERIFYFUN), - try pubkey_cert:validate_time(TrustedCert, Userstat0, VerifyFun) of - Userstate1 -> + try pubkey_cert:validate_time(TrustedCert, UserState0, VerifyFun) of + UserState1 -> ValidationState = pubkey_cert:init_validation_state(TrustedCert, MaxPathDefault, - [{verify_fun, {VerifyFun, Userstate1}} | + [{verify_fun, {VerifyFun, UserState1}} | proplists:delete(verify_fun, Options)]), path_validation(CertChain, ValidationState) catch - throw:{bad_cert, cert_expired} = Reason -> - {error, Reason} + throw:{bad_cert, _} = Result -> + {error, Result} end. %-------------------------------------------------------------------- -- cgit v1.2.1
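Review bot: The widened catch clause `throw:{bad_cert, _} = Result` carries no comment saying that the reason is now whatever the caller's verify_fun chose to fail with, so a reader cannot tell that the returned term may be application-defined rather than one of public_key's own reasons. I would add above it `%% verify_fun may replace cert_expired with its own reason for the trust anchor; any {bad_cert, _} is still a validation failure`, and keep the binding named `Reason`, since it holds the `{bad_cert, _}` tuple and not a result. Code that matches specifically on `{error, {bad_cert, cert_expired}}` from this function will presumably need a fallback clause that still rejects the chain, and the documented return type should say the reason can be any term; neither is visible here, as this view is limited to one file. Only this clause of pkix_path_validation/3 is inside the hunk; the preceding clause named in the hunk header is not shown.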