summaryrefslogtreecommitdiff
path: root/src/x509.erl
Commit message (Collapse)AuthorAgeFilesLines
* Stop validating that cert.issuer matches issuer.subject.Linus Nordberg2015-02-201-46/+27
| | | | | | | | | | Even canoncalized versions of this data mismatch in otherwise proper chains. Since we're not here to validate chains for any other reasons than attribution and spam control, let's stop validate cert.issuer==candidate.subject. We still verify the cryptographic chain with signatures of tbsCertificates of course. Resolves CATLFISH-19.
* Make unit tests work again.Linus Nordberg2015-02-191-6/+9
| | | | Makefile target 'check' runs them.
* Verify certificates by decoding them as 'plain' certs rather than 'otp.Linus Nordberg2014-11-181-18/+194
| | | | | | | OTP cert validation is too strict. Let's see if this is forgiving enough for our needs. Also, move all cert reading from disk to x509.erl.
* Log some info about certs that don't parse and why.Linus Nordberg2014-11-051-3/+21
| | | | Also move x509 specific code to the x509 module.
* Catch badly ASN.1-encoded certificates.Linus Nordberg2014-10-241-13/+26
| | | | | | Now not crashing badly encoded certs in the list of known roots, which is good. They're simply ignored. Next step is to figure out if we should accept some anomalies, due to reality.
* Log (info) when adding and rejecting a certificate chain.validate-certchainLinus Nordberg2014-10-231-1/+5
| | | | Writing to stdout for now, until we've decided on logging framework.
* Split CertChain properly.Linus Nordberg2014-10-231-1/+1
| | | | This way, Chain is always a list.
* Don't use der_encoded().Linus Nordberg2014-10-231-6/+5
| | | | | The type definition seem to have disappeared from public_key.hrl in R17 and I don't know how to conditionally define a type.
* Implement cert chain validation.Linus Nordberg2014-10-221-0/+137
NOTE: Presence of and constraints on names are not being validated.