PATCH - public_key should handle unknown attribute types


PATCH - public_key should handle unknown attribute types

by Will-54 :: Rate this Message:


Hi,

SSL handshaking with new_ssl will fail when a certificate contains
attributes unknown to the public_key module. Here is a patch that
leaves the attribute value encoded when its type is unknown.

-Will




Re: PATCH - public_key should handle unknown attribute types

by Will-54 :: Rate this Message:


Odd, gmail clearly shows the diff attached, but it doesn't seem to
have made it through the mailing list processing. Here's an inline
copy...

On Sat, Jul 4, 2009 at 11:01 AM, Will<wglozer@...> wrote:
> Hi,
>
> SSL handshaking with new_ssl will fail when a certificate contains
> attributes unknown to the public_key module. Here is a patch that
> leaves the attribute value encoded when its type is unknown.
>
> -Will
>

diff -r 80795205fd0a src/pubkey_cert_records.erl
--- a/src/pubkey_cert_records.erl Sat Jul 04 10:44:41 2009 -0700
+++ b/src/pubkey_cert_records.erl Sat Jul 04 10:51:40 2009 -0700
@@ -187,8 +187,11 @@
       end, Exts).

 transform(#'AttributeTypeAndValue'{type=Id,value=Value0} = ATAV, Func) ->
-    Type = attribute_type(Id),
-    {ok, Value} = 'OTP-PUB-KEY':Func(Type, Value0),
+    {ok, Value} =
+        case attribute_type(Id) of
+            Type when is_atom(Type) -> 'OTP-PUB-KEY':Func(Type, Value0);
+            _UnknownType            -> {ok, Value0}
+        end,
     ATAV#'AttributeTypeAndValue'{value=Value};
 transform(AKI = #'AuthorityKeyIdentifier'{authorityCertIssuer=ACI},Func) ->
     AKI#'AuthorityKeyIdentifier'{authorityCertIssuer=transform(ACI,Func)};
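Review bot: With the new `_UnknownType` branch in the `#'AttributeTypeAndValue'{}` clause of `transform/2`, the `value` field can hold either a decoded term or the original encoded value, and nothing in the clause says so. A comment on that branch would help, for example `%% Unknown attribute OID: value is kept in its encoded form, callers must not assume a decoded term`. Code that compares or prints subject and issuer names is not visible in this hunk, but it presumably has to cope with the undecoded shape, so those paths are worth checking for certificates that carry an unrecognised attribute. The other `transform/2` clauses continue outside the hunk.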
@@ -231,7 +234,8 @@
 attribute_type(?'id-at-serialNumber') -> 'X520SerialNumber';
 attribute_type(?'id-at-pseudonym') -> 'X520Pseudonym';
 attribute_type(?'id-domainComponent') -> 'DomainComponent';
-attribute_type(?'id-emailAddress') -> 'EmailAddress'.
+attribute_type(?'id-emailAddress') -> 'EmailAddress';
+attribute_type(Type) -> Type.

 %%% Old code transforms
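Review bot: The added catch-all `attribute_type(Type) -> Type.` names its argument `Type` although it is the unrecognised attribute OID, and the function now returns either a type atom or that OID. Writing it as `attribute_type(Oid) -> Oid.` with a comment such as `%% Unknown OID: returned unchanged so transform/2 leaves the value encoded` would make explicit the contract that the `is_atom(Type)` guard in the first hunk depends on. The clause list starts above this hunk, so any header comment or spec for `attribute_type/1` outside this view should be brought in line.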



Re: Re: PATCH - public_key should handle unknown attribute types

by Dan Gudmundsson :: Rate this Message:



Thanks applied.
/Dan

Will wrote:

> Odd, gmail clearly shows the diff attached, but it doesn't seem to
> have made it through the mailing list processing. Here's an inline
> copy...
>
> On Sat, Jul 4, 2009 at 11:01 AM, Will<wglozer@...> wrote:
>> Hi,
>>
>> SSL handshaking with new_ssl will fail when a certificate contains
>> attributes unknown to the public_key module. Here is a patch that
>> leaves the attribute value encoded when its type is unknown.
>>
>> -Will
>>
>
> diff -r 80795205fd0a src/pubkey_cert_records.erl
> --- a/src/pubkey_cert_records.erl Sat Jul 04 10:44:41 2009 -0700
> +++ b/src/pubkey_cert_records.erl Sat Jul 04 10:51:40 2009 -0700
> @@ -187,8 +187,11 @@
>        end, Exts).
>
>  transform(#'AttributeTypeAndValue'{type=Id,value=Value0} = ATAV, Func) ->
> -    Type = attribute_type(Id),
> -    {ok, Value} = 'OTP-PUB-KEY':Func(Type, Value0),
> +    {ok, Value} =
> +        case attribute_type(Id) of
> +            Type when is_atom(Type) -> 'OTP-PUB-KEY':Func(Type, Value0);
> +            _UnknownType            -> {ok, Value0}
> +        end,
>      ATAV#'AttributeTypeAndValue'{value=Value};
>  transform(AKI = #'AuthorityKeyIdentifier'{authorityCertIssuer=ACI},Func) ->
>      AKI#'AuthorityKeyIdentifier'{authorityCertIssuer=transform(ACI,Func)};
> @@ -231,7 +234,8 @@
>  attribute_type(?'id-at-serialNumber') -> 'X520SerialNumber';
>  attribute_type(?'id-at-pseudonym') -> 'X520Pseudonym';
>  attribute_type(?'id-domainComponent') -> 'DomainComponent';
> -attribute_type(?'id-emailAddress') -> 'EmailAddress'.
> +attribute_type(?'id-emailAddress') -> 'EmailAddress';
> +attribute_type(Type) -> Type.
>
>  %%% Old code transforms
>
> ________________________________________________________________
> erlang-bugs mailing list. See http://www.erlang.org/faq.html
> erlang-bugs (at) erlang.org
>
