Merge branch 'validate-certchain'

author: Linus Nordberg <linus@nordberg.se> 2014-10-22 16:50:49 +0200
committer: Linus Nordberg <linus@nordberg.se> 2014-10-22 16:50:49 +0200
commit: 3369c0a521456851ae7210e97ed965c7761ae064 (patch)
tree: 19025de553d33b985bd66729131257ee9dad728c /src/v1.erl
parent: 92d8435250a9d8d498e129f91e64045bfd30e7b9 (diff)
parent: 0aeb7d1de8e50dd0fa92e763ce4c8dd3c172dac8 (diff)
1 files changed, 10 insertions, 2 deletions
diff --git a/src/v1.erl b/src/v1.erl
index ba5c456..46b5235 100644
--- a/src/v1.erl
+++ b/src/v1.erl
@@ -22,7 +22,13 @@
                         html("add-chain: invalid base64-encoded chain: ",
                              [ChainBase64]);
                     [LeafCert | CertChain] ->
-                        catlfish:add_chain(LeafCert, CertChain);
+                        Roots = catlfish:known_roots(),
+                        case x509:normalise_chain(Roots, [LeafCert|CertChain]) of
+                            {ok, [Leaf | Chain]} ->
+                                catlfish:add_chain(Leaf, Chain);
+                            {Err, Msg} ->
+                                html("add-chain: ", [Msg, Err])
+                        end;
                     Invalid ->
                         html("add-chain: chain is not a list: ", [Invalid])
                 end;
@@ -125,7 +131,9 @@
     deliver(SessionID, R).
 
 'get-roots'(SessionID, _Env, _Input) ->
-    R = [{certificates, []}],                   % NIY.
+    R = [{certificates,
+          [base64:encode(Der) ||
+              Der <- catlfish:update_known_roots()]}],
     deliver(SessionID, binary_to_list(jiffy:encode({R}))).
 
 %% Private functions.
author	Linus Nordberg <linus@nordberg.se>	2014-10-22 16:50:49 +0200
committer	Linus Nordberg <linus@nordberg.se>	2014-10-22 16:50:49 +0200
commit	3369c0a521456851ae7210e97ed965c7761ae064 (patch)
tree	19025de553d33b985bd66729131257ee9dad728c /src/v1.erl
parent	92d8435250a9d8d498e129f91e64045bfd30e7b9 (diff)
parent	0aeb7d1de8e50dd0fa92e763ce4c8dd3c172dac8 (diff)