File 3241-public_key-Allow-verify_fun-to-alter-expire-reason.patch of Package erlang
From 8fe55f4ff98dfe66da320f60a62c20daf46bd789 Mon Sep 17 00:00:00 2001
From: Ingela Anderton Andin <ingela@erlang.org>
Date: Tue, 1 Jun 2021 09:11:19 +0200
Subject: [PATCH 1/3] public_key: Allow verify_fun to alter expire reason
This allows applications to distinguish between a trusted anchor cert
expiration and a normal cert expiration
---
lib/public_key/src/public_key.erl | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/lib/public_key/src/public_key.erl b/lib/public_key/src/public_key.erl
index 44031af11b..23883b6a39 100644
--- a/lib/public_key/src/public_key.erl
+++ b/lib/public_key/src/public_key.erl
@@ -1110,18 +1110,18 @@ pkix_path_validation(TrustedCert, CertChain, Options)
pkix_path_validation(#'OTPCertificate'{} = TrustedCert, CertChain, Options)
when is_list(CertChain), is_list(Options) ->
MaxPathDefault = length(CertChain),
- {VerifyFun, Userstat0} =
+ {VerifyFun, UserState0} =
proplists:get_value(verify_fun, Options, ?DEFAULT_VERIFYFUN),
- try pubkey_cert:validate_time(TrustedCert, Userstat0, VerifyFun) of
- Userstate1 ->
+ try pubkey_cert:validate_time(TrustedCert, UserState0, VerifyFun) of
+ UserState1 ->
ValidationState = pubkey_cert:init_validation_state(TrustedCert,
MaxPathDefault,
- [{verify_fun, {VerifyFun, Userstate1}} |
+ [{verify_fun, {VerifyFun, UserState1}} |
proplists:delete(verify_fun, Options)]),
path_validation(CertChain, ValidationState)
catch
- throw:{bad_cert, cert_expired} = Reason ->
- {error, Reason}
+ throw:{bad_cert, _} = Result ->
+ {error, Result}
end.
%--------------------------------------------------------------------
--
2.26.2
