From d941ea72210224c4ee80c304b8b0d3aa54b80e3b Mon Sep 17 00:00:00 2001
From: Magnus Ahltorp
Date: Fri, 29 May 2015 18:15:22 +0200
Subject: Add verification of whole entry. Implement library call for plop verification.
---
 verifycert.erl | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)
(limited to 'verifycert.erl')
diff --git a/verifycert.erl b/verifycert.erl
index f2f679d..e7cdd86 100755
--- a/verifycert.erl
+++ b/verifycert.erl
@@ -1,6 +1,6 @@
 #!/usr/bin/env escript
 %% -*- erlang -*-
-%%! -pa lib/catlfish-0.8.0-dev.ez/catlfish-0.8.0-dev/ebin -pa lib/lager-2.1.1.ez/lager-2.1.1/ebin
+%%! -pa lib/catlfish-0.8.0-dev.ez/catlfish-0.8.0-dev/ebin -pa lib/lager-2.1.1.ez/lager-2.1.1/ebin -pa lib/plop-0.7.0.ez/plop-0.7.0/ebin
 
 write_reply(Bin) ->
 Length = size(Bin),
@@ -8,10 +8,8 @@ write_reply(Bin) ->
 
 verify(RootCerts, DBEntry) ->
 try
- Chain = catlfish:chain_from_entry(DBEntry),
- %% XXX: doesn't verify that MTL is derived from Chain
- case x509:normalise_chain(RootCerts, Chain) of
- {ok, _} ->
+ case catlfish:verify_entry(DBEntry, RootCerts) of
+ {ok, _MTLHash} ->
 write_reply(<<0:8>>);
 {error, Reason} ->
 ReasonBin = list_to_binary(io_lib:format("~p", [Reason])),
-- 
cgit v1.1
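Review bot: In the second hunk the success reply `<<0:8>>` now rests entirely on `catlfish:verify_entry/2`, whose body is not part of this page (the diff is limited to verifycert.erl), and the removed XXX comment was the only place that named the property being checked. I would keep that contract visible at the call site with a comment such as `%% verify_entry/2 validates the chain against RootCerts and that the MTL is derived from it`, worded to match what the library actually enforces. The `case` matches only `{ok, _MTLHash}` and `{error, Reason}`, so any other return raises `case_clause` inside the `try`; its catch clauses are outside the hunk, so confirm that path writes a non-zero reply and cannot be read by the caller as success. The argument order also flips from `(RootCerts, Chain)` to `(DBEntry, RootCerts)`, which is worth checking against the library's definition. If the caller stores the entry under its leaf hash, comparing that hash with the returned `_MTLHash` rather than discarding it would close the remaining gap.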