@fdmanana
Created September 23, 2010 20:38
diff --git a/lib/public_key/src/pubkey_cert.erl b/lib/public_key/src/pubkey_cert.erl
index 0ccc747..b53f8e7 100644
--- a/lib/public_key/src/pubkey_cert.erl
+++ b/lib/public_key/src/pubkey_cert.erl
@@ -176,9 +176,15 @@ validate_revoked_status(_OtpCert, _Verify, AccErr) ->
validate_extensions(OtpCert, ValidationState, Verify, AccErr) ->
TBSCert = OtpCert#'OTPCertificate'.tbsCertificate,
- Extensions = TBSCert#'OTPTBSCertificate'.extensions,
- validate_extensions(Extensions, ValidationState, no_basic_constraint,
- is_self_signed(OtpCert), [], Verify, AccErr).
+ case TBSCert#'OTPTBSCertificate'.version of
+ N when N >= 3 ->
+ Extensions = TBSCert#'OTPTBSCertificate'.extensions,
+ validate_extensions(Extensions, ValidationState,
+ no_basic_constraint, is_self_signed(OtpCert),
+ [], Verify, AccErr);
+ _ -> %% Extensions not present in versions 1 & 2
+ {ValidationState, [], AccErr}
+ end.
validate_unknown_extensions([], AccErr, _Verify) ->
AccErr;
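Review bot: The guard `N when N >= 3` in the new `case` does not match how the X.509 version is represented, so which branch runs is unreliable: the ASN.1 `Version` is `INTEGER { v1(0), v2(1), v3(2) }`, so a raw integer for a v3 certificate is 2 and never satisfies `>= 3`, while if the decoder maps it to the named-number atom `v3` (as Erlang asn1 does for named INTEGERs) term ordering makes every atom, `v1` and `v2` included, compare greater than 3. In the first case every v3 certificate's extensions (basic constraints, key usage) are skipped; in the second the `_` branch is dead and v1/v2 certificates reach `validate_extensions/7` with whatever the `extensions` field holds. Matching the representation explicitly, e.g. `v3 ->` (or `V when V =:= v3; V =:= 2 ->` if both forms can occur in this code base), avoids relying on cross-type comparison. `validate_extensions/7` and the neighbouring functions are outside the hunk.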
diff --git a/lib/ssl/src/ssl_certificate_db.erl b/lib/ssl/src/ssl_certificate_db.erl
index decc6c9..336d64a 100644
--- a/lib/ssl/src/ssl_certificate_db.erl
+++ b/lib/ssl/src/ssl_certificate_db.erl
@@ -206,14 +206,24 @@ remove_certs(Ref, CertsDb) ->
ets:match_delete(CertsDb, {{Ref, '_', '_'}, '_'}).
add_certs_from_file(File, Ref, CertsDb) ->
- Decode = fun(Cert) ->
- {ok, ErlCert} = public_key:pkix_decode_cert(Cert, otp),
- TBSCertificate = ErlCert#'OTPCertificate'.tbsCertificate,
- SerialNumber = TBSCertificate#'OTPTBSCertificate'.serialNumber,
- Issuer = public_key:pkix_normalize_general_name(
- TBSCertificate#'OTPTBSCertificate'.issuer),
- insert({Ref, SerialNumber, Issuer}, {Cert,ErlCert}, CertsDb)
- end,
- {ok,Der} = public_key:pem_to_der(File),
- [Decode(Cert) || {cert, Cert, not_encrypted} <- Der].
+ {ok, Der} = public_key:pem_to_der(File),
+ lists:reverse(lists:foldl(
+ fun({cert, Cert, not_encrypted}, Acc) ->
+ try
+ {ok, ErlCert} = public_key:pkix_decode_cert(Cert, otp),
+ TBSCertificate = ErlCert#'OTPCertificate'.tbsCertificate,
+ SerialNumber = TBSCertificate#'OTPTBSCertificate'.serialNumber,
+ Issuer = public_key:pkix_normalize_general_name(
+ TBSCertificate#'OTPTBSCertificate'.issuer),
+ [insert({Ref, SerialNumber, Issuer}, {Cert, ErlCert}, CertsDb) | Acc]
+ catch
+ error:Reason ->
+ Report = io_lib:format("SSL WARNING: Ignoring CA cert: ~p"
+ "~n Due to decoding error:~p ~n", [Cert, Reason]),
+ error_logger:info_report(Report),
+ Acc
+ end;
+ (_, Acc) ->
+ Acc
+ end, [], Der)).
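Review bot: The `try` body also encloses the `insert/3` call, so a failure inside ETS (missing table, wrong owner) is caught as a "decoding error", logged, and the certificate silently dropped from the trust store; a `try ... of` form keeps the insert outside the protected region. The report also dumps the entire DER `Cert` binary via `~p` and goes through `error_logger:info_report/1` although it is labelled a warning, which floods the log without identifying the entry; naming the source `File` and using `error_logger:warning_report/1` is more useful to an operator. The `(_, Acc) -> Acc` clause keeps the original behaviour of skipping encrypted and non-certificate PEM entries, which is fine but worth a comment.
```erlang
add_certs_from_file(File, Ref, CertsDb) ->
    {ok, Der} = public_key:pem_to_der(File),
    lists:reverse(lists:foldl(
        fun({cert, Cert, not_encrypted}, Acc) ->
                try
                    {ok, ErlCert} = public_key:pkix_decode_cert(Cert, otp),
                    TBSCertificate = ErlCert#'OTPCertificate'.tbsCertificate,
                    Issuer = public_key:pkix_normalize_general_name(
                               TBSCertificate#'OTPTBSCertificate'.issuer),
                    {TBSCertificate#'OTPTBSCertificate'.serialNumber, Issuer, ErlCert}
                of
                    {Serial, Iss, Decoded} ->
                        %% insert/3 is outside the protected region: an ETS failure
                        %% must surface instead of being reported as a decode error
                        [insert({Ref, Serial, Iss}, {Cert, Decoded}, CertsDb) | Acc]
                catch
                    error:Reason ->
                        Report = io_lib:format("SSL WARNING: Ignoring CA cert in ~s"
                                               "~n Due to decoding error:~p ~n",
                                               [File, Reason]),
                        error_logger:warning_report(Report),
                        Acc
                end;
           (_, Acc) ->
                %% encrypted or non-certificate PEM entries are skipped, as before
                Acc
        end, [], Der)).
```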