ssl, public_key: REVIEW comments

erlang · Aug 21, 2023 · 4b2e6c9 · 4b2e6c9
1 parent 2d3326c
commit 4b2e6c9
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 8 deletions.
diff --git a/lib/public_key/src/pubkey_ocsp.erl b/lib/public_key/src/pubkey_ocsp.erl
@@ -80,7 +80,7 @@ find_single_response(Cert, IssuerCert, SingleResponseList) ->
     SerialNum = get_serial_num(Cert),
     match_single_response(IssuerName, IssuerKey, SerialNum, SingleResponseList).
 
--spec status({atom(), term()}) -> atom() | {atom(), {atom(), term()}}.
+-spec status({atom(), term()}) -> ok | {error, {bad_cert, term()}}.
 status({good, _}) ->
     ok;
 status({unknown, Reason}) ->
@@ -223,7 +223,7 @@ is_authorized_responder(Cert, IssuerCert) ->
     case lists:any(fun(E) -> E() end, [Case1, Case2, Case3]) of
         true ->
             true;
-        _ ->
+        false ->
             not_authorized_responder
     end.
 

diff --git a/lib/public_key/src/public_key.erl b/lib/public_key/src/public_key.erl
@@ -159,7 +159,11 @@
 -type oid()                  :: tuple().
 -type cert_id()              :: {SerialNr::integer(), issuer_name()} .
 -type issuer_name()          :: {rdnSequence,[[#'AttributeTypeAndValue'{}]]} .
--type bad_cert_reason()      :: cert_expired | invalid_issuer | invalid_signature | name_not_permitted | missing_basic_constraint | invalid_key_usage | duplicate_cert_in_path | {revoked, crl_reason()} | atom().
+-type bad_cert_reason()      :: cert_expired | invalid_issuer | invalid_signature
+                              | name_not_permitted | missing_basic_constraint
+                              | invalid_key_usage | duplicate_cert_in_path
+                              | {revoked, crl_reason()}
+                              | {revocation_status_undetermined, term()} | atom().
 
 -type combined_cert()        :: #cert{}.
 -type cert()                 :: der_cert() | otp_cert().
@@ -1373,7 +1377,7 @@ pkix_test_root_cert(Name, Opts) ->
                    IssuerCert:: cert(),
                    OcspRespDer::der_encoded(),
                    NonceExt::undefined | binary(),
-                   Reason::term().
+                   Reason::bad_cert_reason().
 %% Description: Validate OCSP response
 %%--------------------------------------------------------------------
 pkix_ocsp_validate(DerCert, IssuerCert, OcspRespDer, NonceExt)

diff --git a/lib/ssl/src/ssl.erl b/lib/ssl/src/ssl.erl
@@ -2511,10 +2511,6 @@ assert_server_only(client, Bool, Option) ->
     role_error(Bool, server_only, Option);
 assert_server_only(_, _, _) ->
     ok.
-%% assert_client_only(server, Bool, Option) ->
-%%     role_error(Bool, client_only, Option);
-%% assert_client_only(_, _, _) ->
-%%     ok.
 
 role_error(false, _ErrorDesc, _Option) ->
     ok;