[erlang-bugs] ELDAP: peer verification fails due to mangled SSL options
Florian Waas
flw@REDACTED
Tue Sep 24 18:43:36 CEST 2013
Moving this over to the bugs mailing list. The fix is to remove the
{verify, 0} prefix as mentioned below.
Regards,
-fl.
----
Currently, eldap does not support peer verification (equivalent
to ldap.conf's TLS_REQCERT).
Turns out eldap:do_connect/3 always prefixes the caller's ssl options with
{verify, 0} under the covers which renders a {verify, verify_peer} from the
caller ineffective:
https://github.com/erlang/otp/blob/maint/lib/eldap/src/eldap.erl#L392
As far as I can tell, there's no good/obvious reason for this -- and after
removing this automatic prefix, it works as one would expect.
Just a bug or anybody know of some rationale why verification is prevented
this way?
-fl.
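An added illustration of the shadowing described in the report above (not part of the original post and not code from eldap or OTP): when {verify, 0} is prepended, a first-match lookup never reaches the caller's {verify, verify_peer}. The module and function names are hypothetical, and the first-match lookup via proplists:get_value/3, the integer-to-atom mapping and the verify_none default are stated assumptions about how the option list is consumed.

```erlang
%% Added illustration; not code from eldap or OTP.
-module(verify_shadow).
-export([prefixed/1, passthrough/1, effective_verify/1,
         require_verify_peer/1, demo/0]).

%% Model of the behaviour in the report: the library prepends {verify, 0}
%% to whatever the caller supplied. (Hypothetical helper name.)
prefixed(CallerOpts) ->
    [{verify, 0} | CallerOpts].

%% Model of the proposed fix: the caller's options are used unchanged.
passthrough(CallerOpts) ->
    CallerOpts.

%% Assumption: the option list is read with first-match semantics, as
%% proplists:get_value/3 does, and verify_none is used when the key is
%% absent. Legacy integers are mapped to atoms (0 = verify_none,
%% 1 and 2 = verify_peer).
effective_verify(Opts) ->
    normalize(proplists:get_value(verify, Opts, verify_none)).

normalize(0) -> verify_none;
normalize(1) -> verify_peer;
normalize(2) -> verify_peer;
normalize(A) when A =:= verify_none; A =:= verify_peer -> A.

%% Guard a caller can run on the final option list before connecting,
%% so a silently downgraded list is rejected instead of used.
require_verify_peer(Opts) ->
    case effective_verify(Opts) of
        verify_peer -> ok;
        Other -> {error, {peer_verification_disabled, Other}}
    end.

demo() ->
    %% Constructed caller options; the CA file path is a placeholder.
    Caller = [{verify, verify_peer}, {cacertfile, "/path/to/ca.pem"}],
    %% With the prefix, the caller's request is shadowed.
    verify_none = effective_verify(prefixed(Caller)),
    {error, {peer_verification_disabled, verify_none}} =
        require_verify_peer(prefixed(Caller)),
    %% Without the prefix, the caller's setting takes effect.
    verify_peer = effective_verify(passthrough(Caller)),
    ok = require_verify_peer(passthrough(Caller)),
    ok.
```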