Add verification of whole entry. Implement library call for plop verification.

author: Magnus Ahltorp <map@kth.se> 2015-05-29 18:15:22 +0200
committer: Linus Nordberg <linus@nordu.net> 2015-06-10 16:54:55 +0200
commit: d941ea72210224c4ee80c304b8b0d3aa54b80e3b (patch)
tree: 0cf764f1e5361945cbb7dd86bee3c5c00f17bb65 /verifycert.erl
parent: 19fef0841db6998a4b19d49e4feca83149f077c5 (diff)
1 files changed, 3 insertions, 5 deletions
diff --git a/verifycert.erl b/verifycert.erl
index f2f679d..e7cdd86 100755
--- a/verifycert.erl
+++ b/verifycert.erl
@@ -1,6 +1,6 @@
 #!/usr/bin/env escript
 %% -*- erlang -*-
-%%! -pa lib/catlfish-0.8.0-dev.ez/catlfish-0.8.0-dev/ebin -pa lib/lager-2.1.1.ez/lager-2.1.1/ebin
+%%! -pa lib/catlfish-0.8.0-dev.ez/catlfish-0.8.0-dev/ebin -pa lib/lager-2.1.1.ez/lager-2.1.1/ebin -pa lib/plop-0.7.0.ez/plop-0.7.0/ebin
 
 write_reply(Bin) ->
     Length = size(Bin),
@@ -8,10 +8,8 @@ write_reply(Bin) ->
 
 verify(RootCerts, DBEntry) ->
     try
-        Chain = catlfish:chain_from_entry(DBEntry),
-        %% XXX: doesn't verify that MTL is derived from Chain
-        case x509:normalise_chain(RootCerts, Chain) of
-            {ok, _} ->
+        case catlfish:verify_entry(DBEntry, RootCerts) of
+            {ok, _MTLHash} ->
                 write_reply(<<0:8>>);
             {error, Reason} ->
                 ReasonBin = list_to_binary(io_lib:format("~p", [Reason])),
author	Magnus Ahltorp <map@kth.se>	2015-05-29 18:15:22 +0200
committer	Linus Nordberg <linus@nordu.net>	2015-06-10 16:54:55 +0200
commit	d941ea72210224c4ee80c304b8b0d3aa54b80e3b (patch)
tree	0cf764f1e5361945cbb7dd86bee3c5c00f17bb65 /verifycert.erl
parent	19fef0841db6998a4b19d49e4feca83149f077c5 (diff)