summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/x509.erl28
1 files changed, 14 insertions, 14 deletions
diff --git a/src/x509.erl b/src/x509.erl
index eae1468..c3a829f 100644
--- a/src/x509.erl
+++ b/src/x509.erl
@@ -400,36 +400,36 @@ valid_cert_test_() ->
fun({KnownRoots, Chains}) ->
[
%% Self-signed but verified against itself so pass.
- %% Not a valid OTPCertificate:
- %% {error,{asn1,{invalid_choice_tag,{22,<<"US">>}}}}
- %% 'OTP-PUB-KEY':Func('OTP-X520countryname', Value0)
- %% FIXME: This error doesn't make much sense -- is my
- %% environment borked?
- ?_assertMatch({true, _}, normalise_chain(lists:nth(1, Chains),
- lists:nth(1, Chains), 10)),
+ %% Note that this certificate is rejected by the
+ %% stricter OTP-PKIX.asn1 specification generating
+ %% #'OTPCertificate'{}. The error is
+ %% {invalid_choice_tag,{22,<<"US">>}}}} in
+ %% 'OTP-PUB-KEY':Func('OTP-X520countryname', Value0).
+ ?_assertMatch({true, _}, normalise_chain(nth(1, Chains),
+ nth(1, Chains), 10)),
%% Self-signed so fail.
?_assertMatch({false, root_unknown},
normalise_chain(KnownRoots,
- lists:nth(2, Chains), 10)),
+ nth(2, Chains), 10)),
%% Leaf signed by known CA, pass.
?_assertMatch({true, _}, normalise_chain(KnownRoots,
- lists:nth(3, Chains), 10)),
+ nth(3, Chains), 10)),
%% Proper 3-depth chain with root in KnownRoots, pass.
%% Bug CATLFISH-19 --> [info] rejecting "3ee62cb678014c14d22ebf96f44cc899adea72f1": chain_broken
%% leaf sha1: 3ee62cb678014c14d22ebf96f44cc899adea72f1
%% leaf Subject: C=KR, O=Government of Korea, OU=Group of Server, OU=\xEA\xB5\x90\xEC\x9C\xA1\xEA\xB3\xBC\xED\x95\x99\xEA\xB8\xB0\xEC\x88\xA0\xEB\xB6\x80, CN=www.berea.ac.kr, CN=haksa.bits.ac.kr
?_assertMatch({true, _}, normalise_chain(KnownRoots,
- lists:nth(4, Chains), 3)),
+ nth(4, Chains), 3)),
%% Verify against self, pass.
%% Bug CATLFISH-??, can't handle issuer keytype ECPoint.
%% Issuer sha1: 6969562e4080f424a1e7199f14baf3ee58ab6abb
- ?_assertMatch(true, signed_by_p(hd(lists:nth(5, Chains)),
- hd(lists:nth(5, Chains)))),
+ ?_assertMatch(true, signed_by_p(hd(nth(5, Chains)),
+ hd(nth(5, Chains)))),
%% Unsupported signature algorithm MD2-RSA, fail.
%% Signature Algorithm: md2WithRSAEncryption
%% CA cert with sha1 96974cd6b663a7184526b1d648ad815cf51e801a
- ?_assertMatch(false, signed_by_p(hd(lists:nth(6, Chains)),
- hd(lists:nth(6, Chains))))
+ ?_assertMatch(false, signed_by_p(hd(nth(6, Chains)),
+ hd(nth(6, Chains))))
] end}.
chain_test_() ->