[erlang-bugs] ELDAP: peer verification fails due to mangled SSL options

Ingela Anderton Andin
Thu Sep 26 15:13:48 CEST 2013


Hi!

I think it should be considered a bug, and removed as you suggested.

Regards, Ingela
Erlang/OTP team - Ericsson AB


On 09/24/2013 06:43 PM, Florian Waas wrote:
> Moving this over to the bugs mailing list. The fix is to remove the
> {verify, 0} prefix as mentioned below.
>
> Regards,
> -fl.
>
> ----
>
> Currently, eldap does not support peer verification (equivalent
> to ldap.conf's TLS_REQCERT).
>
> Turns out eldap:do_connect/3 always prefixes the caller's ssl options
> with {verify, 0} under the covers which renders a {verify, verify_peer}
> from the caller ineffective:
>
> https://github.com/erlang/otp/blob/maint/lib/eldap/src/eldap.erl#L392
>
> As far as I can tell, there's no good/obvious reason for this -- and
> after removing this automatic prefix, it works as one would expect.
>
>
> Just a bug or anybody know of some rationale why verification is
> prevented this way?
>
>
> -fl.
>
>
>
>
>
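
The override described in this thread, shown as an added example (not code from eldap or from either poster): a caller-side check that reports which `verify` mode actually takes effect once options are prefixed. The module and function names and the CA path are hypothetical. It assumes the ssl application reads options with first-match proplist semantics and maps the legacy integers 0/1/2 as in the ssl releases of that period.

```erlang
-module(eldap_verify_check).
-export([effective_verify/1, as_described/1, open_verified/2, demo/0]).

%% Assumption: ssl takes the first {verify, _} tuple in the option list,
%% and treats legacy 0 as verify_none and 1 or 2 as verify_peer.
effective_verify(SslOpts) ->
    case proplists:get_value(verify, SslOpts, verify_none) of
        0 -> verify_none;
        1 -> verify_peer;
        2 -> verify_peer;
        Mode -> Mode
    end.

%% Models the behaviour reported above: the caller's ssl options are
%% prefixed with {verify, 0} before they reach ssl.
as_described(CallerOpts) ->
    [{verify, 0} | CallerOpts].

%% Open an LDAPS connection only if the options request peer verification
%% and name a CA bundle. This checks the caller's list; it cannot see
%% options that the library adds internally.
open_verified(Hosts, SslOpts) ->
    case {effective_verify(SslOpts), proplists:is_defined(cacertfile, SslOpts)} of
        {verify_peer, true} ->
            eldap:open(Hosts, [{ssl, true}, {sslopts, SslOpts}]);
        {verify_peer, false} ->
            {error, missing_cacertfile};
        {Mode, _} ->
            {error, {peer_verification_not_effective, Mode}}
    end.

%% Constructed sample options; the CA path is a placeholder.
demo() ->
    Caller = [{verify, verify_peer}, {cacertfile, "/path/to/ca.pem"}],
    verify_peer = effective_verify(Caller),
    %% With the prefix in place, the caller's verify_peer is never consulted.
    verify_none = effective_verify(as_described(Caller)),
    {error, {peer_verification_not_effective, verify_none}} =
        open_verified(["ldap.example.org"], as_described(Caller)),
    ok.
```

On an eldap build that still adds the prefix, a connection test against a server presenting a certificate from an untrusted CA is the way to confirm whether verification is enforced, since the caller's option list alone does not show it.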


