author | Linus Nordberg <linus@nordberg.se> | 2014-11-18 11:21:15 +0100 |
committer | Linus Nordberg <linus@nordberg.se> | 2014-11-18 11:23:59 +0100 |
commit | 5847ef948baeadf4582234f4c3e7ecff2791b4cf (patch) | |
tree | e25cbcfb6e570a113a069c26c1b81d5117472229 /src/catlfish.erl | |
parent | 293b1df48c6d376dee0f1f2512486b8a68488a9c (diff) |
Verify certificates by decoding them as 'plain' certs rather than 'otp'.
OTP cert validation is too strict. Let's see if this is forgiving
enough for our needs.
Also, move all cert reading from disk to x509.erl.
Diffstat (limited to 'src/catlfish.erl')
-rw-r--r-- | src/catlfish.erl | 56 |
1 files changed, 7 insertions, 49 deletions
diff --git a/src/catlfish.erl b/src/catlfish.erl
index 98ec4dd..83ca3db 100644
--- a/src/catlfish.erl
+++ b/src/catlfish.erl
@@ -177,66 +177,24 @@ known_roots() -> undefined -> [] end. --spec known_roots(file:filename(), use_cache|update_tab) -> list(). +-spec known_roots(file:filename(), use_cache|update_tab) -> [binary()]. known_roots(Directory, CacheUsage) -> case CacheUsage of use_cache -> case ets:lookup(?CACHE_TABLE, ?ROOTS_CACHE_KEY) of [] -> - read_pemfiles_from_dir(Directory); + read_files_and_udpate_table(Directory); [{roots, DerList}] -> DerList end; update_tab -> - read_pemfiles_from_dir(Directory) + read_files_and_udpate_table(Directory) end. --spec read_pemfiles_from_dir(file:filename()) -> list(). -read_pemfiles_from_dir(Dir) -> - DerList = - case file:list_dir(Dir) of - {error, enoent} -> - []; % FIXME: log enoent - {error, _Reason} -> - []; % FIXME: log Reason - {ok, Filenames} -> - Files = lists:filter( - fun(F) -> - string:equal(".pem", filename:extension(F)) - end, - Filenames), - ders_from_pemfiles(Dir, Files) - end, - true = ets:insert(?CACHE_TABLE, {?ROOTS_CACHE_KEY, DerList}), - DerList. - -ders_from_pemfiles(Dir, Filenames) -> - L = [ders_from_pemfile(filename:join(Dir, X)) || X <- Filenames], - lists:flatten(L). - -ders_from_pemfile(Filename) -> - Pems = case (catch public_key:pem_decode(pems_from_file(Filename))) of - {'EXIT', Reason} -> - lager:info("badly encoded cert in ~p: ~p", [Filename, Reason]), - []; - P -> P - end, - [der_from_pem(X) || X <- Pems]. - --include_lib("public_key/include/public_key.hrl"). -der_from_pem(Pem) -> - case Pem of - {_Type, Der, not_encrypted} -> - case x509:valid_cert_p(Der) of - true -> Der; - false -> [] - end; - _ -> [] - end. - -pems_from_file(Filename) -> - {ok, Pems} = file:read_file(Filename), - Pems. +read_files_and_udpate_table(Directory) -> + L = x509:read_pemfiles_from_dir(Directory), + true = ets:insert(?CACHE_TABLE, {?ROOTS_CACHE_KEY, L}), + L. %%%%%%%%%%%%%%%%%%%% %% Testing internal functions. |
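Review bot: The new helper's name is misspelled — `read_files_and_udpate_table` — in its definition and in both call sites inside `known_roots/2`; rename it to `read_files_and_update_table(Directory)` on all three lines before other modules start depending on the typo. The cache fill also no longer shows any per-certificate check: the removed `der_from_pem/1` dropped anything `x509:valid_cert_p/1` rejected, whereas the new code stores whatever `x509:read_pemfiles_from_dir/1` returns, so the `[binary()]` spec and the property that only validated roots are trusted now rest entirely on that function's contract, which is not visible in this hunk. A short comment above the helper would make the dependency explicit, e.g. `%% x509:read_pemfiles_from_dir/1 is expected to return only DER binaries that passed its certificate check; nothing is re-validated here.` Note too that an empty result (for instance an unreadable directory) is written under `?ROOTS_CACHE_KEY` and then served by the `use_cache` branch until the next `update_tab`, which was already the behaviour before this change.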