PATCH - public_key should handle unknown attribute types
Will
wglozer@REDACTED
Sat Jul 4 21:46:39 CEST 2009
Odd, gmail clearly shows the diff attached, but it doesn't seem to
have made it through the mailing list processing. Here's an inline
copy...
On Sat, Jul 4, 2009 at 11:01 AM, Will<wglozer@REDACTED> wrote:
> Hi,
>
> SSL handshaking with new_ssl will fail when a certificate contains
> attributes unknown to the public_key module. Here is a patch that
> leaves the attribute value encoded when its type is unknown.
>
> -Will
>
diff -r 80795205fd0a src/pubkey_cert_records.erl
--- a/src/pubkey_cert_records.erl Sat Jul 04 10:44:41 2009 -0700
+++ b/src/pubkey_cert_records.erl Sat Jul 04 10:51:40 2009 -0700
@@ -187,8 +187,11 @@
end, Exts).
transform(#'AttributeTypeAndValue'{type=Id,value=Value0} = ATAV, Func) ->
- Type = attribute_type(Id),
- {ok, Value} = 'OTP-PUB-KEY':Func(Type, Value0),
+ {ok, Value} =
+ case attribute_type(Id) of
+ Type when is_atom(Type) -> 'OTP-PUB-KEY':Func(Type, Value0);
+ _UnknownType -> {ok, Value0}
+ end,
ATAV#'AttributeTypeAndValue'{value=Value};
transform(AKI = #'AuthorityKeyIdentifier'{authorityCertIssuer=ACI},Func) ->
AKI#'AuthorityKeyIdentifier'{authorityCertIssuer=transform(ACI,Func)};
@@ -231,7 +234,8 @@
attribute_type(?'id-at-serialNumber') -> 'X520SerialNumber';
attribute_type(?'id-at-pseudonym') -> 'X520Pseudonym';
attribute_type(?'id-domainComponent') -> 'DomainComponent';
-attribute_type(?'id-emailAddress') -> 'EmailAddress'.
+attribute_type(?'id-emailAddress') -> 'EmailAddress';
+attribute_type(Type) -> Type.
%%% Old code transforms
More information about the erlang-bugs
mailing list