PATCH - public_key should handle unknown attribute types


PATCH - public_key should handle unknown attribute types

Will-54
Hi,

SSL handshaking with new_ssl will fail when a certificate contains
attributes unknown to the public_key module. Here is a patch that
leaves the attribute value encoded when its type is unknown.

-Will




Re: PATCH - public_key should handle unknown attribute types

Will-54
Odd, gmail clearly shows the diff attached, but it doesn't seem to
have made it through the mailing list processing. Here's an inline
copy...

On Sat, Jul 4, 2009 at 11:01 AM, Will<[hidden email]> wrote:
> Hi,
>
> SSL handshaking with new_ssl will fail when a certificate contains
> attributes unknown to the public_key module. Here is a patch that
> leaves the attribute value encoded when its type is unknown.
>
> -Will
>

diff -r 80795205fd0a src/pubkey_cert_records.erl
--- a/src/pubkey_cert_records.erl Sat Jul 04 10:44:41 2009 -0700
+++ b/src/pubkey_cert_records.erl Sat Jul 04 10:51:40 2009 -0700
@@ -187,8 +187,11 @@
       end, Exts).

 transform(#'AttributeTypeAndValue'{type=Id,value=Value0} = ATAV, Func) ->
-    Type = attribute_type(Id),
-    {ok, Value} = 'OTP-PUB-KEY':Func(Type, Value0),
+    {ok, Value} =
+        case attribute_type(Id) of
+            Type when is_atom(Type) -> 'OTP-PUB-KEY':Func(Type, Value0);
+            _UnknownType            -> {ok, Value0}
+        end,
     ATAV#'AttributeTypeAndValue'{value=Value};
 transform(AKI = #'AuthorityKeyIdentifier'{authorityCertIssuer=ACI},Func) ->
     AKI#'AuthorityKeyIdentifier'{authorityCertIssuer=transform(ACI,Func)};
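Review bot: The `_UnknownType -> {ok, Value0}` branch leaves `value` as the still-encoded term for unrecognised attribute types, so the field now has two possible shapes and nothing in the hunk tells callers. Code that compares or displays subject and issuer names (path validation, peer identity checks) should treat such a value as opaque and compare it byte for byte rather than assume a decoded string. Because `Func` is a parameter, the same branch presumably also runs in the encode direction, where a value that was never encoded would pass through unchanged. I would add a comment above the `case`: `%% Unknown attribute OID: keep the value in its encoded form; callers must treat it as opaque.` `transform/2` has further clauses outside the hunk.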
@@ -231,7 +234,8 @@
 attribute_type(?'id-at-serialNumber') -> 'X520SerialNumber';
 attribute_type(?'id-at-pseudonym') -> 'X520Pseudonym';
 attribute_type(?'id-domainComponent') -> 'DomainComponent';
-attribute_type(?'id-emailAddress') -> 'EmailAddress'.
+attribute_type(?'id-emailAddress') -> 'EmailAddress';
+attribute_type(Type) -> Type.

 %%% Old code transforms
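Review bot: The new catch-all `attribute_type(Type) -> Type.` accepts any term, not only an object identifier, so a malformed `type` field no longer crashes here and is instead classified by the `is_atom(Type)` guard in `transform/2`. Restricting the fallback to the OID shape keeps the crash for unexpected input while still passing unknown attributes through: `attribute_type(Oid) when is_tuple(Oid) -> Oid.` This assumes OIDs arrive from the ASN.1 decoder as tuples, which the hunk does not show. The earlier clauses of `attribute_type/1` start outside the hunk.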


Re: Re: PATCH - public_key should handle unknown attribute types

Dan Gudmundsson

Thanks applied.
/Dan

Will wrote:

> Odd, gmail clearly shows the diff attached, but it doesn't seem to
> have made it through the mailing list processing. Here's an inline
> copy...
>
> On Sat, Jul 4, 2009 at 11:01 AM, Will<[hidden email]> wrote:
>> Hi,
>>
>> SSL handshaking with new_ssl will fail when a certificate contains
>> attributes unknown to the public_key module. Here is a patch that
>> leaves the attribute value encoded when its type is unknown.
>>
>> -Will
>>
>
> diff -r 80795205fd0a src/pubkey_cert_records.erl
> --- a/src/pubkey_cert_records.erl Sat Jul 04 10:44:41 2009 -0700
> +++ b/src/pubkey_cert_records.erl Sat Jul 04 10:51:40 2009 -0700
> @@ -187,8 +187,11 @@
>        end, Exts).
>
>  transform(#'AttributeTypeAndValue'{type=Id,value=Value0} = ATAV, Func) ->
> -    Type = attribute_type(Id),
> -    {ok, Value} = 'OTP-PUB-KEY':Func(Type, Value0),
> +    {ok, Value} =
> +        case attribute_type(Id) of
> +            Type when is_atom(Type) -> 'OTP-PUB-KEY':Func(Type, Value0);
> +            _UnknownType            -> {ok, Value0}
> +        end,
>      ATAV#'AttributeTypeAndValue'{value=Value};
>  transform(AKI = #'AuthorityKeyIdentifier'{authorityCertIssuer=ACI},Func) ->
>      AKI#'AuthorityKeyIdentifier'{authorityCertIssuer=transform(ACI,Func)};
> @@ -231,7 +234,8 @@
>  attribute_type(?'id-at-serialNumber') -> 'X520SerialNumber';
>  attribute_type(?'id-at-pseudonym') -> 'X520Pseudonym';
>  attribute_type(?'id-domainComponent') -> 'DomainComponent';
> -attribute_type(?'id-emailAddress') -> 'EmailAddress'.
> +attribute_type(?'id-emailAddress') -> 'EmailAddress';
> +attribute_type(Type) -> Type.
>
>  %%% Old code transforms
>
> ________________________________________________________________
> erlang-bugs mailing list. See http://www.erlang.org/faq.html
> erlang-bugs (at) erlang.org
>
