From ab8fa9c0da53e321da7706c9aba2f549f95df349 Mon Sep 17 00:00:00 2001
From: Marcin Sikora
Date: Sun, 3 May 2020 19:05:40 +0200
Subject: Use user returned path validation error for selfsigned cert; It allows user to trigger different TLS alerts than Bad Certificate for path validation erros
---
lib/public_key/test/public_key_SUITE.erl | 13 +++++++++++++
1 file changed, 13 insertions(+)
(limited to 'lib/public_key/test/public_key_SUITE.erl')
diff --git a/lib/public_key/test/public_key_SUITE.erl b/lib/public_key/test/public_key_SUITE.erl
index 97a1f14de9..1fd1d2fa76 100644
--- a/lib/public_key/test/public_key_SUITE.erl
+++ b/lib/public_key/test/public_key_SUITE.erl
@@ -586,6 +586,19 @@ pkix_path_validation(Config) when is_list(Config) ->
 {ok, _} = public_key:pkix_path_validation(unknown_ca, [Cert1], [{verify_fun, VerifyFunAndState1}]),
+
+ VerifyFunAndState2 =
+ {fun(_, {bad_cert, selfsigned_peer}, _UserState) ->
+ {fail, custom_reason};
+ (_,{extension, _}, UserState) ->
+ {unknown, UserState};
+ (_, valid, UserState) ->
+ {valid, UserState}
+ end, []},
+
+ {error, custom_reason} =
+ public_key:pkix_path_validation(selfsigned_peer, [Trusted], [{verify_fun,
+ VerifyFunAndState2}]),
 ok.
 %%--------------------------------------------------------------------
-- cgit v1.2.1
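Review bot: `VerifyFunAndState2` has no clause for any `{bad_cert, _}` event other than `selfsigned_peer`, so if validation of `Trusted` ever reports a different problem first (an aged test certificate, for instance), the test would die with `function_clause` inside the fun rather than a mismatch against the expected `{error, custom_reason}`. Adding `(_, {bad_cert, _} = Reason, _) -> {fail, Reason};` after the first clause keeps that failure readable and matches how a production verify_fun should fail closed on unexpected events. A short comment above the assertion, such as `%% the fail reason from verify_fun must be returned unchanged, not rewritten to {bad_cert, selfsigned_peer}`, would record what is being pinned, since callers that match only `{error, {bad_cert, _}}` will not see this shape. The enclosing test case starts before the hunk, so earlier assertions are not visible here.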