From 999bffa05d2f99cb33e14f50ed17b2da331b887b Mon Sep 17 00:00:00 2001
From: Linus Nordberg <linus@nordberg.se>
Date: Tue, 24 Mar 2015 12:38:14 +0100
Subject: Clarify that 0.test.pem is not a valid #'OTPCertificate'{}.

Also some cosmetic changes.
---
 src/x509.erl | 28 ++++++++++++++--------------
 1 file changed, 14 insertions(+), 14 deletions(-)

diff --git a/src/x509.erl b/src/x509.erl
index eae1468..c3a829f 100644
--- a/src/x509.erl
+++ b/src/x509.erl
@@ -400,36 +400,36 @@ valid_cert_test_() ->
      fun({KnownRoots, Chains}) ->
              [
               %% Self-signed but verified against itself so pass.
-              %% Not a valid OTPCertificate:
-              %% {error,{asn1,{invalid_choice_tag,{22,<<"US">>}}}}
-              %% 'OTP-PUB-KEY':Func('OTP-X520countryname', Value0)
-              %% FIXME: This error doesn't make much sense -- is my
-              %% environment borked?
-              ?_assertMatch({true, _}, normalise_chain(lists:nth(1, Chains),
-                                                       lists:nth(1, Chains), 10)),
+              %% Note that this certificate is rejected by the
+              %% stricter OTP-PKIX.asn1 specification generating
+              %% #'OTPCertificate'{}. The error is
+              %% {invalid_choice_tag,{22,<<"US">>}}}} in
+              %% 'OTP-PUB-KEY':Func('OTP-X520countryname', Value0).
+              ?_assertMatch({true, _}, normalise_chain(nth(1, Chains),
+                                                       nth(1, Chains), 10)),
               %% Self-signed so fail.
               ?_assertMatch({false, root_unknown},
                             normalise_chain(KnownRoots,
-                                            lists:nth(2, Chains), 10)),
+                                            nth(2, Chains), 10)),
               %% Leaf signed by known CA, pass.
               ?_assertMatch({true, _}, normalise_chain(KnownRoots,
-                                                       lists:nth(3, Chains), 10)),
+                                                       nth(3, Chains), 10)),
               %% Proper 3-depth chain with root in KnownRoots, pass.
               %% Bug CATLFISH-19 --> [info] rejecting "3ee62cb678014c14d22ebf96f44cc899adea72f1": chain_broken
               %% leaf sha1: 3ee62cb678014c14d22ebf96f44cc899adea72f1
               %% leaf Subject: C=KR, O=Government of Korea, OU=Group of Server, OU=\xEA\xB5\x90\xEC\x9C\xA1\xEA\xB3\xBC\xED\x95\x99\xEA\xB8\xB0\xEC\x88\xA0\xEB\xB6\x80, CN=www.berea.ac.kr, CN=haksa.bits.ac.kr
               ?_assertMatch({true, _}, normalise_chain(KnownRoots,
-                                                       lists:nth(4, Chains), 3)),
+                                                       nth(4, Chains), 3)),
               %% Verify against self, pass.
               %% Bug CATLFISH-??, can't handle issuer keytype ECPoint.
               %% Issuer sha1: 6969562e4080f424a1e7199f14baf3ee58ab6abb
-              ?_assertMatch(true, signed_by_p(hd(lists:nth(5, Chains)),
-                                              hd(lists:nth(5, Chains)))),
+              ?_assertMatch(true, signed_by_p(hd(nth(5, Chains)),
+                                              hd(nth(5, Chains)))),
               %% Unsupported signature algorithm MD2-RSA, fail.
               %% Signature Algorithm: md2WithRSAEncryption
               %% CA cert with sha1 96974cd6b663a7184526b1d648ad815cf51e801a
-              ?_assertMatch(false, signed_by_p(hd(lists:nth(6, Chains)),
-                                               hd(lists:nth(6, Chains))))
+              ?_assertMatch(false, signed_by_p(hd(nth(6, Chains)),
+                                               hd(nth(6, Chains))))
               ] end}.
 
 chain_test_() ->
-- 
cgit v1.1