[erlang-questions] Upgrading gen_tcp socket to ssl
Francesca Gangemi
francesca.gangemi@REDACTED
Thu Dec 4 18:16:22 CET 2008
Hi,
Ingela Anderton Andin wrote:
>> But when I try ssl:connect(Gen_tcp_socket,[{verify,0}]), I get
>> {eoptions,{cacertfile,[]}}.
>> The Gen_tcp_socket is a socket created using gen_tcp:connect/3.
>>
>> Since {verify,0}, why is a cacertfile required.
>>
>>
>
> Verify options was one of the things that was not fully implemented.
>
> Ssl-3.10 will soon be out in R12B-5 and then the new ssl-implementation
> will be much more complete but still there are a few limitations left
> before it can completely replace the old ssl. You are welcome to try it
> and we are of course interested in any feedback that you might have.
>
I'm using ssl-3.10 and I still see the same problem:
"cacertfile" is required even if {verify,0} is explicitly specified as
option .
As example
ssl:connect("zimbra.erlangsystems.com", 443, [{verify,0},{ssl_imp,new}]).
{error,{eoptions,{cacertfile,[]}}}
ssl:connect("zimbra.erlangsystems.com", 443, [{verify,0}]).
{ok,{sslsocket,5,<0.1664.0>}}
Trying to upgrade a tcp socket I put as cacertfile the filename of a
certificate I have on my machine and I've got the following error report
ssl:connect(#Port<0.3428>,[{certfile,"certs/mycert.pem"},
{keyfile,"certs/mycert.key"},
{cacertfile,"certs/vsign.pem"},
{verify,0}, {ssl_imp, new}])
=ERROR REPORT==== 4-Dec-2008::17:57:05 ===
SSL: hello: ./ssl_record.erl:291:Fatal error: record_overflow
Btw, is it written anywhere in the doc that ssl needs public_key? I
thought crypto was the only required application...
Kind regards
Francesca
--
Francesca Gangemi, francesca@REDACTED
Erlang Training and Consulting
http://www.erlang-consulting.com/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20081204/eda64d64/attachment.htm>
More information about the erlang-questions
mailing list