From c7f0c80ab09c3ff8de29e2c4e0da6900f483bccd Mon Sep 17 00:00:00 2001
From: joe
Date: Tue, 20 May 2014 18:48:23 -0400
Subject: documentaiton tweeks
---
 TLSA.hs | 15 ++++++++-------
 validatecert.hs | 2 +-
 2 files changed, 9 insertions(+), 8 deletions(-)
diff --git a/TLSA.hs b/TLSA.hs
index 7fb66dc..01c9a09 100644
--- a/TLSA.hs
+++ b/TLSA.hs
@@ -237,13 +237,13 @@ data IssuanceTest = IssuanceTest
 -- supplied via a 'TLSA' record but not otherwise present in the chain.
 }
--- | Use the the given set of 'TLSA' records to validate, or paritally validate
--- a certificate, given a list of other probably relevent certificates. Results
+-- | Use the the given set of 'TLSA' records to validate or paritally validate
+-- a certificate given a list of other probably relevent certificates. Results
 -- are interpreted as follows:
 --
--- [@ Nothing @] The certificate passed validation.
+-- [@ Nothing @] The certificate PASSED validation.
 --
--- [@ Just \[\] @] Failed validation.
+-- [@ Just \[\] @] The certificate FAILED validation.
 --
 -- [@ Just xss @] A set of certificate issued-by chains. If you trust any
 -- certificate in any of these chains, you may consider the
@@ -252,11 +252,12 @@ data IssuanceTest = IssuanceTest
 validate :: IssuanceTest -> [TLSA] -> SignedCertificate -> [SignedCertificate] -> Maybe [[SignedCertificate]]
 validate (IssuanceTest isIssuedBy isSignedBy) rs cert chain
- | not (null domainIssued) = Nothing
- | any hasAnchor chains = Nothing
+ | domainIssued = Nothing
+ | any hasAnchor chains = Nothing
+ | null rs = Just $ (certv !) .: chains
 | otherwise = Just $ (certv !) .: filter satisfiesConstraints chains
 where
- domainIssued = filter (`match` cert) daneEEs
+ domainIssued = any (`match` cert) daneEEs
 threshold = length chain
diff --git a/validatecert.hs b/validatecert.hs
index 1871b24..6984b2c 100644
--- a/validatecert.hs
+++ b/validatecert.hs
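Review bot: In TLSA.hs, the new guard `| null rs = Just $ (certv !) .: chains` in `validate` changes what callers get for an empty 'TLSA' list: every candidate chain is returned without the `satisfiesConstraints` filter, yet the Haddock edited in the first hunk does not describe this case and the commit subject mentions documentation only. A caller reading `Just xss` as TLSA-vetted chains would be misled here, so I would add to the result list something like `-- With an empty 'TLSA' list no DANE constraint is applied and every candidate chain is returned.` It is also worth confirming that callers pass an empty list only when the DNSSEC-validated lookup really returned no records, not when the lookup failed; that cannot be seen from this hunk. The `where` clause of `validate` continues past the hunk, so `chains`, `daneEEs` and `satisfiesConstraints` are not visible.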
@@ -18,7 +18,7 @@ import System.IO
 import Data.Map ( Map )
 import Data.Time.LocalTime ( getZonedTime )
 import Data.Time.Format ( formatTime )
-import Data.X509 as X509 ( SignedCertificate, Certificate, decodeSignedObject, getCertificate )
+import Data.X509 as X509 ( SignedCertificate, decodeSignedObject )
 import System.Exit
 import System.Posix.Process ( getProcessID )
 import System.Locale ( defaultTimeLocale )
-- cgit v1.2.3