Support R18 wrt detoxing precerts.CATLFISH-80

Fixes CATLFISH-80.

2 files changed, 11 insertions, 4 deletions

diff --git a/src/catlfish_compat.erl b/src/catlfish_compat.erl
index 55c2b2e..183eb44 100644
--- a/src/catlfish_compat.erl
+++ b/src/catlfish_compat.erl
@@ -1,11 +1,13 @@
 -module(catlfish_compat).
--export([unpack_issuer/1, unpack_signature/1]).
+-export([unpack_issuer/1, unpack_signature/1, poison_val/1]).
 -include_lib("public_key/include/public_key.hrl").
 
 unpack_issuer(Issuer) ->
     unpack_issuer(erlang:system_info(otp_release), Issuer).
 unpack_signature(Signature) ->
     unpack_signature(erlang:system_info(otp_release), Signature).
+poison_val(Value) ->
+    poison_val(erlang:system_info(otp_release), Value).
 
 %% @doc Dig out alg, params and key from issuer.
 unpack_issuer("17", Issuer) ->
@@ -25,3 +27,9 @@ unpack_signature("17", Signature) ->
     Sig;
 unpack_signature("18", Signature) ->
     Signature.
+
+%% Use a list for R17 and a binary for newer versions.
+poison_val("17", Val) ->
+    Val;
+poison_val("18", Val) ->
+    list_to_binary(Val).
diff --git a/src/x509.erl b/src/x509.erl
index 7ae73c3..9159cb3 100644
--- a/src/x509.erl
+++ b/src/x509.erl
@@ -326,11 +326,10 @@ remove_poison_ext(#'Certificate'{tbsCertificate = TBSCert}) ->
                pubkey_cert:extensions_list(TBSCert#'TBSCertificate'.extensions)),
     TBSCert#'TBSCertificate'{extensions = Extensions}.
 
--spec poisoned_leaf_p(binary()) -> boolean().
 poisoned_leaf_p(#'Extension'{extnID = ?LEAF_POISON_OID,
                              critical = true,
-                             extnValue = ?LEAF_POISON_VAL}) ->
-    true;
+                             extnValue = ExtnValue}) ->
+    ExtnValue =:= catlfish_compat:poison_val(?LEAF_POISON_VAL);
 poisoned_leaf_p(_) ->
     false.