Diffstat (limited to 'src/x509.erl')
-rw-r--r--src/x509.erl15
1 files changed, 9 insertions, 6 deletions
diff --git a/src/x509.erl b/src/x509.erl
index b0363cd..32ade83 100644
--- a/src/x509.erl
+++ b/src/x509.erl
@@ -31,7 +31,6 @@ normalise_chain(AcceptableRootCerts, CertChain) ->
%% an acceptable root cert. Order of certificates in second argument
%% is: leaf cert in head, chain in tail. Order of first argument is
%% irrelevant.
-
-spec valid_chain_p([binary()], [binary()], integer()) ->
{false, reason()} | {true, list()}.
valid_chain_p(_, _, MaxChainLength) when MaxChainLength =< 0 ->
@@ -279,8 +278,8 @@ sign_test_() ->
valid_cert_test_() ->
{setup,
- fun() -> {read_pemfiles_from_dir("../test/testdata/known_roots"),
- read_certs("../test/testdata/chains")} end,
+ fun() -> {read_pemfiles_from_dir("test/testdata/known_roots"),
+ read_certs("test/testdata/chains")} end,
fun(_) -> ok end,
fun({KnownRoots, Chains}) ->
[
@@ -298,7 +297,13 @@ valid_cert_test_() ->
%% leaf signed by known CA
?_assertMatch({true, _},
valid_chain_p(KnownRoots,
- lists:nth(3, Chains), 10))
+ lists:nth(3, Chains), 10)),
+ %% bug CATLFISH-19 --> [info] rejecting "3ee62cb678014c14d22ebf96f44cc899adea72f1": chain_broken
+ %% leaf sha1: 3ee62cb678014c14d22ebf96f44cc899adea72f1
+ %% leaf Subject: C=KR, O=Government of Korea, OU=Group of Server, OU=\xEA\xB5\x90\xEC\x9C\xA1\xEA\xB3\xBC\xED\x95\x99\xEA\xB8\xB0\xEC\x88\xA0\xEB\xB6\x80, CN=www.berea.ac.kr, CN=haksa.bits.ac.kr
+ ?_assertMatch({true, _},
+ valid_chain_p(lists:nth(4, Chains),
+ lists:nth(4, Chains), 10))
] end}.
chain_test_() ->
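Review bot: The added CATLFISH-19 assertion passes `lists:nth(4, Chains)` as both the acceptable roots and the chain, so every certificate in that chain, the leaf included, is treated as a trust anchor and the result says nothing about anchoring to `KnownRoots`. If that is deliberate because the issuing root is not in `test/testdata/known_roots`, say so above the assertion, e.g. `%% chain doubles as trust store on purpose: only signature linkage is under test here`; otherwise `valid_chain_p(KnownRoots, lists:nth(4, Chains), 10)` is the stronger check. The same commit drops the `Invalid signer` case from `chain_test/2`, and in the hunks shown no assertion still expects `{false, chain_broken}`, so a negative case with a genuinely wrong signer would be worth keeping next to this one. `valid_cert_test_/0` begins in the previous hunk.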
@@ -320,8 +325,6 @@ chain_test(C0, C1) ->
?_assertMatch({false, chain_too_long}, valid_chain_p([C1], [C0, C1], 1)),
%% Root not in trust store.
?_assertMatch({false, root_unknown}, valid_chain_p([], [C0, C1], 10)),
- %% Invalid signer.
- ?_assertMatch({false, chain_broken}, valid_chain_p([C0], [C1, C0], 10)),
%% Selfsigned. Actually OK.
?_assertMatch({true, []}, valid_chain_p([C0], [C0], 10)),
?_assertMatch({true, []}, valid_chain_p([C0], [C0], 1)),