author | Linus Nordberg <linus@nordu.net> | 2015-09-11 15:33:07 +0200 |
---|---|---|
committer | Linus Nordberg <linus@nordu.net> | 2015-09-11 15:33:07 +0200 |
commit | 26027f4e95871793cb74544de5fd238e2a741533 (patch) | |
tree | 87473cef93fb6e683d0ec5687765da75f99f599f | |
parent | 0157f5512ba45a2f21e003f6ab0e89ef26ec97ea (diff) |
Verify MTL against leaf hash before returning get-entries.CATLFISH-50
Closes CATLFISH-50.
-rw-r--r-- | NEWS.md | 1 | ||||
-rw-r--r-- | src/catlfish.erl | 7 |
2 files changed, 5 insertions, 3 deletions
@@ -14,6 +14,7 @@
 determine if an STH is fresh enough. Default if not configured is 86400, equals 24 hours (closes CATLFISH-51).
 - New config group 'ratelimits' (closes CATLFISH-52).
+- Verification of leaf data when read from disk (closes CATLFISH-50).
 ## Bug fixes
diff --git a/src/catlfish.erl b/src/catlfish.erl
index 68e96ea..4bf1cdf 100644
--- a/src/catlfish.erl
+++ b/src/catlfish.erl
@@ -326,10 +326,11 @@ unpack_certchain(Data) ->
 x_entries([]) -> [];
 x_entries([H|T]) ->
- {_Index, _Hash, Entry} = H,
- {Type, MTL, Cert, Chain} = unpack_entry(Entry),
+ {_Index, LeafHash, Entry} = H,
+ {Type, MTLText, Cert, Chain} = unpack_entry(Entry),
+ LeafHash = ht:leaf_hash(MTLText),
 ExtraData = serialise_extra_data(Type, Cert, Chain),
- [{[{leaf_input, base64:encode(MTL)},
+ [{[{leaf_input, base64:encode(MTLText)},
 {extra_data, base64:encode(ExtraData)}]} | x_entries(T)].
 -spec encode_tls_vector(binary(), non_neg_integer()) -> binary(). |
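Review bot: The new integrity check `LeafHash = ht:leaf_hash(MTLText)` in x_entries/1 fails as a bare `{badmatch, _}` that carries only the recomputed hash, and the entry index is still discarded as `_Index`, so a corrupted or altered on-disk entry cannot be told apart from any other crash in the logs or tied to a position in the log. Binding the index and raising a tagged error would give operators something to alert on: `{Index, LeafHash, Entry} = H,` followed by `LeafHash =:= ht:leaf_hash(MTLText) orelse error({leaf_hash_mismatch, Index}),`. The check covers MTLText only; ExtraData is still built from Cert and Chain with no comparison in this hunk, which may be intended but deserves a one-line comment saying so. How the get-entries handler reacts to the crash is outside the hunk.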