authorLinus Nordberg <linus@nordberg.se>2014-11-18 11:21:15 +0100
committerLinus Nordberg <linus@nordberg.se>2014-11-18 11:23:59 +0100
commit5847ef948baeadf4582234f4c3e7ecff2791b4cf (patch)
treee25cbcfb6e570a113a069c26c1b81d5117472229 /src/catlfish.erl
parent293b1df48c6d376dee0f1f2512486b8a68488a9c (diff)
Verify certificates by decoding them as 'plain' certs rather than 'otp'.
OTP cert validation is too strict. Let's see if this is forgiving enough for our needs. Also, move all cert reading from disk to x509.erl.
Diffstat (limited to 'src/catlfish.erl')
-rw-r--r--src/catlfish.erl56
1 files changed, 7 insertions, 49 deletions
diff --git a/src/catlfish.erl b/src/catlfish.erl
index 98ec4dd..83ca3db 100644
--- a/src/catlfish.erl
+++ b/src/catlfish.erl
@@ -177,66 +177,24 @@ known_roots() ->
undefined -> []
end.
--spec known_roots(file:filename(), use_cache|update_tab) -> list().
+-spec known_roots(file:filename(), use_cache|update_tab) -> [binary()].
known_roots(Directory, CacheUsage) ->
case CacheUsage of
use_cache ->
case ets:lookup(?CACHE_TABLE, ?ROOTS_CACHE_KEY) of
[] ->
- read_pemfiles_from_dir(Directory);
+ read_files_and_udpate_table(Directory);
[{roots, DerList}] ->
DerList
end;
update_tab ->
- read_pemfiles_from_dir(Directory)
+ read_files_and_udpate_table(Directory)
end.
--spec read_pemfiles_from_dir(file:filename()) -> list().
-read_pemfiles_from_dir(Dir) ->
- DerList =
- case file:list_dir(Dir) of
- {error, enoent} ->
- []; % FIXME: log enoent
- {error, _Reason} ->
- []; % FIXME: log Reason
- {ok, Filenames} ->
- Files = lists:filter(
- fun(F) ->
- string:equal(".pem", filename:extension(F))
- end,
- Filenames),
- ders_from_pemfiles(Dir, Files)
- end,
- true = ets:insert(?CACHE_TABLE, {?ROOTS_CACHE_KEY, DerList}),
- DerList.
-
-ders_from_pemfiles(Dir, Filenames) ->
- L = [ders_from_pemfile(filename:join(Dir, X)) || X <- Filenames],
- lists:flatten(L).
-
-ders_from_pemfile(Filename) ->
- Pems = case (catch public_key:pem_decode(pems_from_file(Filename))) of
- {'EXIT', Reason} ->
- lager:info("badly encoded cert in ~p: ~p", [Filename, Reason]),
- [];
- P -> P
- end,
- [der_from_pem(X) || X <- Pems].
-
--include_lib("public_key/include/public_key.hrl").
-der_from_pem(Pem) ->
- case Pem of
- {_Type, Der, not_encrypted} ->
- case x509:valid_cert_p(Der) of
- true -> Der;
- false -> []
- end;
- _ -> []
- end.
-
-pems_from_file(Filename) ->
- {ok, Pems} = file:read_file(Filename),
- Pems.
+read_files_and_udpate_table(Directory) ->
+ L = x509:read_pemfiles_from_dir(Directory),
+ true = ets:insert(?CACHE_TABLE, {?ROOTS_CACHE_KEY, L}),
+ L.
%%%%%%%%%%%%%%%%%%%%
%% Testing internal functions.