authorLinus Nordberg <linus@nordu.net>2015-09-11 15:33:07 +0200
committerLinus Nordberg <linus@nordu.net>2015-09-15 17:47:33 +0200
commit1e86615a14d73f06e3751bc6c3dfbe117b61e2cc (patch)
tree877404e19ca8e8820d65897d104c6b85737ca108
parentd08e438c6ef3db202b83cc64c88d0cd6131b5d5a (diff)
Verify MTL against leaf hash before returning get-entries.
Closes CATLFISH-50.
-rw-r--r--NEWS.md1
-rw-r--r--src/catlfish.erl7
2 files changed, 5 insertions, 3 deletions
diff --git a/NEWS.md b/NEWS.md
index 84a5a6c..c4702c2 100644
--- a/NEWS.md
+++ b/NEWS.md
@@ -14,6 +14,7 @@
determine if an STH is fresh enough. Default if not configured is
86400, equals 24 hours (closes CATLFISH-51).
- New config group 'ratelimits' (closes CATLFISH-52).
+- Verification of leaf data when read from disk (closes CATLFISH-50).
## Bug fixes
diff --git a/src/catlfish.erl b/src/catlfish.erl
index 68e96ea..4bf1cdf 100644
--- a/src/catlfish.erl
+++ b/src/catlfish.erl
@@ -326,10 +326,11 @@ unpack_certchain(Data) ->
x_entries([]) ->
[];
x_entries([H|T]) ->
- {_Index, _Hash, Entry} = H,
- {Type, MTL, Cert, Chain} = unpack_entry(Entry),
+ {_Index, LeafHash, Entry} = H,
+ {Type, MTLText, Cert, Chain} = unpack_entry(Entry),
+ LeafHash = ht:leaf_hash(MTLText),
ExtraData = serialise_extra_data(Type, Cert, Chain),
- [{[{leaf_input, base64:encode(MTL)},
+ [{[{leaf_input, base64:encode(MTLText)},
{extra_data, base64:encode(ExtraData)}]} | x_entries(T)].
-spec encode_tls_vector(binary(), non_neg_integer()) -> binary().
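Review bot: The new assertive match `LeafHash = ht:leaf_hash(MTLText)` fails closed, which is the right call, but a corrupt entry then surfaces only as a bare `{badmatch, Hash}` that carries no entry index, so an operator cannot tell which leaf on disk failed verification. `_Index` is already bound on the line above; naming it and raising a tagged error keeps the same crash-on-mismatch behaviour while making the report actionable: `{Index, LeafHash, Entry} = H,` and `LeafHash =:= ht:leaf_hash(MTLText) orelse error({leaf_hash_mismatch, Index}),`. A short comment on that line, e.g. `%% Fail closed: never serve a leaf whose on-disk data does not hash to its stored leaf hash.`, would record why the check is a crash rather than a skip. Presumably one bad entry aborts the whole get-entries response for the caller, which looks intentional and is worth stating in the comment too.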