diff options
author | joe <joe@jerkface.net> | 2014-05-20 18:48:23 -0400 |
---|---|---|
committer | joe <joe@jerkface.net> | 2014-05-20 18:48:23 -0400 |
commit | c7f0c80ab09c3ff8de29e2c4e0da6900f483bccd (patch) | |
tree | b969e93ac12dbed89f1a9696478130da79373528 | |
parent | ddbd029984f703d9c15fb646dfbbfe84d3352e0d (diff) |
documentaiton tweeks
-rw-r--r-- | TLSA.hs | 15 | ||||
-rw-r--r-- | validatecert.hs | 2 |
2 files changed, 9 insertions, 8 deletions
@@ -237,13 +237,13 @@ data IssuanceTest = IssuanceTest | |||
237 | -- supplied via a 'TLSA' record but not otherwise present in the chain. | 237 | -- supplied via a 'TLSA' record but not otherwise present in the chain. |
238 | } | 238 | } |
239 | 239 | ||
240 | -- | Use the the given set of 'TLSA' records to validate, or paritally validate | 240 | -- | Use the the given set of 'TLSA' records to validate or paritally validate |
241 | -- a certificate, given a list of other probably relevent certificates. Results | 241 | -- a certificate given a list of other probably relevent certificates. Results |
242 | -- are interpreted as follows: | 242 | -- are interpreted as follows: |
243 | -- | 243 | -- |
244 | -- [@ Nothing @] The certificate passed validation. | 244 | -- [@ Nothing @] The certificate PASSED validation. |
245 | -- | 245 | -- |
246 | -- [@ Just \[\] @] Failed validation. | 246 | -- [@ Just \[\] @] The certificate FAILED validation. |
247 | -- | 247 | -- |
248 | -- [@ Just xss @] A set of certificate issued-by chains. If you trust any | 248 | -- [@ Just xss @] A set of certificate issued-by chains. If you trust any |
249 | -- certificate in any of these chains, you may consider the | 249 | -- certificate in any of these chains, you may consider the |
@@ -252,11 +252,12 @@ data IssuanceTest = IssuanceTest | |||
252 | validate :: IssuanceTest -> [TLSA] -> SignedCertificate -> [SignedCertificate] | 252 | validate :: IssuanceTest -> [TLSA] -> SignedCertificate -> [SignedCertificate] |
253 | -> Maybe [[SignedCertificate]] | 253 | -> Maybe [[SignedCertificate]] |
254 | validate (IssuanceTest isIssuedBy isSignedBy) rs cert chain | 254 | validate (IssuanceTest isIssuedBy isSignedBy) rs cert chain |
255 | | not (null domainIssued) = Nothing | 255 | | domainIssued = Nothing |
256 | | any hasAnchor chains = Nothing | 256 | | any hasAnchor chains = Nothing |
257 | | null rs = Just $ (certv !) .: chains | ||
257 | | otherwise = Just $ (certv !) .: filter satisfiesConstraints chains | 258 | | otherwise = Just $ (certv !) .: filter satisfiesConstraints chains |
258 | where | 259 | where |
259 | domainIssued = filter (`match` cert) daneEEs | 260 | domainIssued = any (`match` cert) daneEEs |
260 | 261 | ||
261 | threshold = length chain | 262 | threshold = length chain |
262 | 263 | ||
diff --git a/validatecert.hs b/validatecert.hs index 1871b24..6984b2c 100644 --- a/validatecert.hs +++ b/validatecert.hs | |||
@@ -18,7 +18,7 @@ import System.IO | |||
18 | import Data.Map ( Map ) | 18 | import Data.Map ( Map ) |
19 | import Data.Time.LocalTime ( getZonedTime ) | 19 | import Data.Time.LocalTime ( getZonedTime ) |
20 | import Data.Time.Format ( formatTime ) | 20 | import Data.Time.Format ( formatTime ) |
21 | import Data.X509 as X509 ( SignedCertificate, Certificate, decodeSignedObject, getCertificate ) | 21 | import Data.X509 as X509 ( SignedCertificate, decodeSignedObject ) |
22 | import System.Exit | 22 | import System.Exit |
23 | import System.Posix.Process ( getProcessID ) | 23 | import System.Posix.Process ( getProcessID ) |
24 | import System.Locale ( defaultTimeLocale ) | 24 | import System.Locale ( defaultTimeLocale ) |