PATCH - public_key should handle unknown attribute types

Will <>
Sat Jul 4 21:46:39 CEST 2009


Odd, gmail clearly shows the diff attached, but it doesn't seem to
have made it through the mailing list processing. Here's an inline
copy...

On Sat, Jul 4, 2009 at 11:01 AM, Will<> wrote:
> Hi,
>
> SSL handshaking with new_ssl will fail when a certificate contains
> attributes unknown to the public_key module. Here is a patch that
> leaves the attribute value encoded when its type is unknown.
>
> -Will
>

diff -r 80795205fd0a src/pubkey_cert_records.erl
--- a/src/pubkey_cert_records.erl	Sat Jul 04 10:44:41 2009 -0700
+++ b/src/pubkey_cert_records.erl	Sat Jul 04 10:51:40 2009 -0700
@@ -187,8 +187,11 @@
 	      end, Exts).

 transform(#'AttributeTypeAndValue'{type=Id,value=Value0} = ATAV, Func) ->
-    Type = attribute_type(Id),
-    {ok, Value} = 'OTP-PUB-KEY':Func(Type, Value0),
+    {ok, Value} =
+        case attribute_type(Id) of
+            Type when is_atom(Type) -> 'OTP-PUB-KEY':Func(Type, Value0);
+            _UnknownType            -> {ok, Value0}
+        end,
     ATAV#'AttributeTypeAndValue'{value=Value};
 transform(AKI = #'AuthorityKeyIdentifier'{authorityCertIssuer=ACI},Func) ->
     AKI#'AuthorityKeyIdentifier'{authorityCertIssuer=transform(ACI,Func)};
@@ -231,7 +234,8 @@
 attribute_type(?'id-at-serialNumber') -> 'X520SerialNumber';
 attribute_type(?'id-at-pseudonym') -> 'X520Pseudonym';
 attribute_type(?'id-domainComponent') -> 'DomainComponent';
-attribute_type(?'id-emailAddress') -> 'EmailAddress'.
+attribute_type(?'id-emailAddress') -> 'EmailAddress';
+attribute_type(Type) -> Type.

 %%% Old code transforms


More information about the erlang-bugs mailing list