From 5ce811ec17bf5ca624794dcdb75cdc13dbdb7081 Mon Sep 17 00:00:00 2001
From: Linus Nordberg
Date: Fri, 19 Aug 2016 14:09:10 +0200
Subject: Support R18 wrt detoxing precerts. Fixes CATLFISH-80.
---
 src/catlfish_compat.erl | 10 +++++++++-
 src/x509.erl | 5 ++---
 2 files changed, 11 insertions(+), 4 deletions(-)
diff --git a/src/catlfish_compat.erl b/src/catlfish_compat.erl
index 55c2b2e..183eb44 100644
--- a/src/catlfish_compat.erl
+++ b/src/catlfish_compat.erl
@@ -1,11 +1,13 @@
 -module(catlfish_compat).
--export([unpack_issuer/1, unpack_signature/1]).
+-export([unpack_issuer/1, unpack_signature/1, poison_val/1]).
 -include_lib("public_key/include/public_key.hrl").
 unpack_issuer(Issuer) ->
 unpack_issuer(erlang:system_info(otp_release), Issuer).
 unpack_signature(Signature) ->
 unpack_signature(erlang:system_info(otp_release), Signature).
+poison_val(Value) ->
+ poison_val(erlang:system_info(otp_release), Value).
 %% @doc Dig out alg, params and key from issuer.
 unpack_issuer("17", Issuer) ->
@@ -25,3 +27,9 @@ unpack_signature("17", Signature) ->
 Sig;
 unpack_signature("18", Signature) ->
 Signature.
+
+%% Use a list for R17 and a binary for newer versions.
+poison_val("17", Val) ->
+ Val;
+poison_val("18", Val) ->
+ list_to_binary(Val).
diff --git a/src/x509.erl b/src/x509.erl
index 7ae73c3..9159cb3 100644
--- a/src/x509.erl
+++ b/src/x509.erl
@@ -326,11 +326,10 @@ remove_poison_ext(#'Certificate'{tbsCertificate = TBSCert}) ->
 pubkey_cert:extensions_list(TBSCert#'TBSCertificate'.extensions)),
 TBSCert#'TBSCertificate'{extensions = Extensions}.
--spec poisoned_leaf_p(binary()) -> boolean().
 poisoned_leaf_p(#'Extension'{extnID = ?LEAF_POISON_OID,
 critical = true,
- extnValue = ?LEAF_POISON_VAL}) ->
- true;
+ extnValue = ExtnValue}) ->
+ ExtnValue =:= catlfish_compat:poison_val(?LEAF_POISON_VAL);
 poisoned_leaf_p(_) ->
 false.
--
cgit v1.1
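Review bot: poison_val/1, added to the export list in the first catlfish_compat.erl hunk, has no -spec or @doc even though its return type depends on the running release (the input unchanged on "17", a binary on "18"). A contract such as `-spec poison_val([byte()]) -> [byte()] | binary().` would let Dialyzer check the new caller in x509.erl. The argument type is inferred from the `list_to_binary/1` call in the second hunk and should be confirmed against the ?LEAF_POISON_VAL definition, which is not visible here.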
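Review bot: poison_val/2 in the second catlfish_compat.erl hunk matches only "17" and "18", while its comment promises "a binary for newer versions"; on any other otp_release string the call raises function_clause, which now propagates out of x509:poisoned_leaf_p/1 whenever a critical extension carrying the poison OID is examined. Failing loudly is arguably safer for precert detoxing than silently answering false, but the intent should be written down. Either reword the comment to `%% Use a list for R17 and a binary for R18; other releases are unsupported.` or, once the extnValue representation on later releases has been verified, change the second head to `poison_val(_, Val) ->`. The unpack_issuer/2 and unpack_signature/2 clauses shown as context follow the same two-release pattern, so the same decision applies to them.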
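Review bot: The x509.erl hunk deletes the `-spec` for poisoned_leaf_p/1 instead of correcting it; the old `binary()` argument was wrong, but with the catch-all second clause a contract like `-spec poisoned_leaf_p(term()) -> boolean().` would still be accurate and keeps Dialyzer coverage. The switch from a head pattern to a runtime `=:=` is not self-explanatory, so a comment above the first clause such as `%% extnValue is a list on R17 and a binary on R18; compare via catlfish_compat.` would help the next reader. The diffstat lists no test file, so a unit test feeding the predicate both a list and a binary extnValue would guard poison detection against regressing on either release. remove_poison_ext/1, shown as context, begins outside the hunk, so how it consumes this predicate cannot be checked from here.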