From 1e86615a14d73f06e3751bc6c3dfbe117b61e2cc Mon Sep 17 00:00:00 2001
From: Linus Nordberg <linus@nordu.net>
Date: Fri, 11 Sep 2015 15:33:07 +0200
Subject: Verify MTL against leaf hash before returning get-entries.

Closes CATLFISH-50.
---
 src/catlfish.erl | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

(limited to 'src/catlfish.erl')

diff --git a/src/catlfish.erl b/src/catlfish.erl
index 68e96ea..4bf1cdf 100644
--- a/src/catlfish.erl
+++ b/src/catlfish.erl
@@ -326,10 +326,11 @@ unpack_certchain(Data) ->
 x_entries([]) ->
     [];
 x_entries([H|T]) ->
-    {_Index, _Hash, Entry} = H,
-    {Type, MTL, Cert, Chain} = unpack_entry(Entry),
+    {_Index, LeafHash, Entry} = H,
+    {Type, MTLText, Cert, Chain} = unpack_entry(Entry),
+    LeafHash = ht:leaf_hash(MTLText),
     ExtraData = serialise_extra_data(Type, Cert, Chain),
-    [{[{leaf_input, base64:encode(MTL)},
+    [{[{leaf_input, base64:encode(MTLText)},
        {extra_data, base64:encode(ExtraData)}]} | x_entries(T)].
 
 -spec encode_tls_vector(binary(), non_neg_integer()) -> binary().
-- 
cgit v1.1