1 files changed, 14 insertions, 14 deletions

diff --git a/src/x509.erl b/src/x509.erl
index eae1468..c3a829f 100644
--- a/src/x509.erl
+++ b/src/x509.erl
@@ -400,36 +400,36 @@ valid_cert_test_() ->
      fun({KnownRoots, Chains}) ->
              [
               %% Self-signed but verified against itself so pass.
-              %% Not a valid OTPCertificate:
-              %% {error,{asn1,{invalid_choice_tag,{22,<<"US">>}}}}
-              %% 'OTP-PUB-KEY':Func('OTP-X520countryname', Value0)
-              %% FIXME: This error doesn't make much sense -- is my
-              %% environment borked?
-              ?_assertMatch({true, _}, normalise_chain(lists:nth(1, Chains),
-                                                       lists:nth(1, Chains), 10)),
+              %% Note that this certificate is rejected by the
+              %% stricter OTP-PKIX.asn1 specification generating
+              %% #'OTPCertificate'{}. The error is
+              %% {invalid_choice_tag,{22,<<"US">>}}}} in
+              %% 'OTP-PUB-KEY':Func('OTP-X520countryname', Value0).
+              ?_assertMatch({true, _}, normalise_chain(nth(1, Chains),
+                                                       nth(1, Chains), 10)),
               %% Self-signed so fail.
               ?_assertMatch({false, root_unknown},
                             normalise_chain(KnownRoots,
-                                            lists:nth(2, Chains), 10)),
+                                            nth(2, Chains), 10)),
               %% Leaf signed by known CA, pass.
               ?_assertMatch({true, _}, normalise_chain(KnownRoots,
-                                                       lists:nth(3, Chains), 10)),
+                                                       nth(3, Chains), 10)),
               %% Proper 3-depth chain with root in KnownRoots, pass.
               %% Bug CATLFISH-19 --> [info] rejecting "3ee62cb678014c14d22ebf96f44cc899adea72f1": chain_broken
               %% leaf sha1: 3ee62cb678014c14d22ebf96f44cc899adea72f1
               %% leaf Subject: C=KR, O=Government of Korea, OU=Group of Server, OU=\xEA\xB5\x90\xEC\x9C\xA1\xEA\xB3\xBC\xED\x95\x99\xEA\xB8\xB0\xEC\x88\xA0\xEB\xB6\x80, CN=www.berea.ac.kr, CN=haksa.bits.ac.kr
               ?_assertMatch({true, _}, normalise_chain(KnownRoots,
-                                                       lists:nth(4, Chains), 3)),
+                                                       nth(4, Chains), 3)),
               %% Verify against self, pass.
               %% Bug CATLFISH-??, can't handle issuer keytype ECPoint.
               %% Issuer sha1: 6969562e4080f424a1e7199f14baf3ee58ab6abb
-              ?_assertMatch(true, signed_by_p(hd(lists:nth(5, Chains)),
-                                              hd(lists:nth(5, Chains)))),
+              ?_assertMatch(true, signed_by_p(hd(nth(5, Chains)),
+                                              hd(nth(5, Chains)))),
               %% Unsupported signature algorithm MD2-RSA, fail.
               %% Signature Algorithm: md2WithRSAEncryption
               %% CA cert with sha1 96974cd6b663a7184526b1d648ad815cf51e801a
-              ?_assertMatch(false, signed_by_p(hd(lists:nth(6, Chains)),
-                                               hd(lists:nth(6, Chains))))
+              ?_assertMatch(false, signed_by_p(hd(nth(6, Chains)),
+                                               hd(nth(6, Chains))))
               ] end}.
 
 chain_test_() ->