Avoid infinite loop between self-signed certs

author Evgeniy Khramtsov <ekhramtsov@process-one.net>

Wed, 6 Dec 2017 21:29:19 +0000 (00:29 +0300)

committer Evgeniy Khramtsov <ekhramtsov@process-one.net>

Wed, 6 Dec 2017 21:29:19 +0000 (00:29 +0300)
author Evgeniy Khramtsov <ekhramtsov@process-one.net>
Wed, 6 Dec 2017 21:29:19 +0000 (00:29 +0300)
committer Evgeniy Khramtsov <ekhramtsov@process-one.net>
Wed, 6 Dec 2017 21:29:19 +0000 (00:29 +0300)
diff --git a/src/ejabberd_pkix.erl b/src/ejabberd_pkix.erl

index ef25386cd62855e66e5b5905d5ab22faf45bbfe5..a67df1288e948c09ef9df41d400399de7e4fecb9 100644 (file)
--- a/src/ejabberd_pkix.erl
+++ b/src/ejabberd_pkix.erl
@@ -689,11 +689,16 @@ get_cert_paths(Certs) ->
        end, Certs),
      lists:foreach(
        fun({Cert1, Cert2}) when Cert1 /= Cert2 ->
-             case public_key:pkix_is_issuer(Cert1, Cert2) of
+             case public_key:pkix_is_self_signed(Cert1) of
                   true ->
-                     digraph:add_edge(G, Cert1, Cert2);
+                     ok;
                   false ->
-                     ok
+                     case public_key:pkix_is_issuer(Cert1, Cert2) of
+                         true ->
+                             digraph:add_edge(G, Cert1, Cert2);
+                         false ->
+                             ok
+                     end
               end;
          (_) ->
               ok
author	Evgeniy Khramtsov <ekhramtsov@process-one.net>
	Wed, 6 Dec 2017 21:29:19 +0000 (00:29 +0300)
committer	Evgeniy Khramtsov <ekhramtsov@process-one.net>
	Wed, 6 Dec 2017 21:29:19 +0000 (00:29 +0300)