voltone · voltone · Apr 4, 2023 · Apr 4, 2023
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -39,6 +39,9 @@ jobs:
           - pair:
               elixir: '1.13.4'
               otp: '25.0'
+          - pair:
+              elixir: '1.14.3'
+              otp: '25.3'
             lint: lint
     steps:
       - uses: actions/checkout@v2

diff --git a/lib/x509/certificate.ex b/lib/x509/certificate.ex
@@ -412,6 +412,7 @@ defmodule X509.Certificate do
         template.extensions
         |> Keyword.values()
         |> Enum.reject(&(&1 == false))
+        |> Enum.map(&Extension.prepare/1)
     )
   end
 

diff --git a/lib/x509/certificate/extension.ex b/lib/x509/certificate/extension.ex
@@ -6,6 +6,8 @@ defmodule X509.Certificate.Extension do
 
   import X509.ASN1, except: [basic_constraints: 2, authority_key_identifier: 1]
 
+  alias X509.Util
+
   @typedoc "`:Extension` record, as used in Erlang's `:public_key` module"
   @type t :: X509.ASN1.record(:extension)
 
@@ -408,7 +410,18 @@ defmodule X509.Certificate.Extension do
   def find(list, :subject_key_identifier), do: find(list, oid(:"id-ce-subjectKeyIdentifier"))
   def find(list, :authority_key_identifier), do: find(list, oid(:"id-ce-authorityKeyIdentifier"))
   def find(list, :subject_alt_name), do: find(list, oid(:"id-ce-subjectAltName"))
-  def find(list, :crl_distribution_points), do: find(list, oid(:"id-ce-cRLDistributionPoints"))
+
+  def find(list, :crl_distribution_points) do
+    case find(list, oid(:"id-ce-cRLDistributionPoints")) do
+      extension(extnValue: der) = ext when is_binary(der) ->
+        # Older OTP versions decoded this automatically, but newer ones don't...
+        extension(ext, extnValue: :public_key.der_decode(:CRLDistributionPoints, der))
+
+      crl_distribution_points ->
+        crl_distribution_points
+    end
+  end
+
   def find(list, :authority_info_access), do: find(list, oid(:"id-pe-authorityInfoAccess"))
   def find(list, :ocsp_nocheck), do: find(list, @ocsp_nocheck_oid)
 
@@ -440,6 +453,20 @@ defmodule X509.Certificate.Extension do
     |> decode()
   end
 
+  @doc false
+  # Intended for internal use only
+  def prepare(extension(extnID: oid(:"id-ce-cRLDistributionPoints"), extnValue: value) = ext)
+      when is_list(value) do
+    # Older OTP versions encoded this automatically, but newer ones don't...
+    if Util.app_version(:public_key) >= [1, 13, 3] do
+      encode(ext)
+    else
+      ext
+    end
+  end
+
+  def prepare(ext), do: ext
+
   defp encode(extension(extnID: oid(:"id-ce-basicConstraints"), extnValue: value) = ext) do
     extension(ext, extnValue: :public_key.der_encode(:BasicConstraints, value))
   end

diff --git a/lib/x509/test/server.ex b/lib/x509/test/server.ex
@@ -4,6 +4,8 @@ defmodule X509.Test.Server do
   """
   use GenServer
 
+  alias X509.Util
+
   @doc """
   Starts a test server for the given test suite.
 
@@ -117,19 +119,10 @@ defmodule X509.Test.Server do
   end
 
   def log_opts do
-    if version(:ssl) >= [9, 3] do
+    if Util.app_version(:ssl) >= [9, 3] do
       [log_level: :emergency]
     else
       [log_alert: false]
     end
   end
-
-  defp version(application) do
-    application
-    |> Application.spec()
-    |> Keyword.get(:vsn)
-    |> to_string()
-    |> String.split(".")
-    |> Enum.map(&String.to_integer/1)
-  end
 end
diff --git a/lib/x509/util.ex b/lib/x509/util.ex
@@ -0,0 +1,12 @@
+defmodule X509.Util do
+  @moduledoc false
+
+  def app_version(application) do
+    application
+    |> Application.spec()
+    |> Keyword.get(:vsn)
+    |> to_string()
+    |> String.split(".")
+    |> Enum.map(&String.to_integer/1)
+  end
+end