From b61ad04f22e580e6c651ecbef8abfd26d8c8b71f Mon Sep 17 00:00:00 2001 From: Linus Nordberg Date: Fri, 17 Jul 2015 18:54:33 +0200 Subject: Verify entries properly. Maybe. --- src/catlfish.erl | 17 ++++++----------- 1 file changed, 6 insertions(+), 11 deletions(-) diff --git a/src/catlfish.erl b/src/catlfish.erl index 35cee4e..5f0c328 100644 --- a/src/catlfish.erl +++ b/src/catlfish.erl @@ -293,20 +293,15 @@ verify_entry(Entry) -> RootCerts = known_roots(), verify_entry(Entry, RootCerts). -verify_entry(Entry, RootCerts) -> +verify_entry(Entry, _RootCerts) -> {MTL, ExtraData} = mtl_and_extra_from_entry(Entry), Chain = chain_from_mtl_extradata(MTL, ExtraData), - case x509:normalise_chain(RootCerts, Chain) of - {ok, [LeafCert|CertChain]} -> - case verify_mtl(MTL, LeafCert, CertChain) of - ok -> - {ok, ht:leaf_hash(serialise(MTL))}; - error -> - {error, "MTL verification failed"} - end; - {error, Reason} -> - {error, Reason} + case verify_mtl(MTL, Chain, []) of + ok -> + {ok, ht:leaf_hash(serialise(MTL))}; + error -> + {error, "MTL verification failed"} end. entryhash_from_entry(Entry) -> -- cgit v1.1