[erlang-questions] Upgrading gen_tcp socket to ssl

Francesca Gangemi
Thu Dec 4 18:16:22 CET 2008


Hi,

Ingela Anderton Andin wrote:
>> But when I try ssl:connect(Gen_tcp_socket,[{verify,0}]), I get
>> {eoptions,{cacertfile,[]}}.
>> The Gen_tcp_socket is a socket created using gen_tcp:connect/3.
>>
>> Since {verify,0}, why is a cacertfile required.
>>
>>     
>
> Verify options was one of the things that was not fully implemented.
>
> Ssl-3.10 will soon be out in R12B-5 and then the new ssl-implementation
> will be much more complete but still there are a few limitations left 
> before it can completely replace the old ssl. You are welcome to try it
> and we are of course interested in any feedback that you might have.
>   

I'm using ssl-3.10 and I still see the same problem:
"cacertfile" is required even if {verify,0} is explicitly specified as
an option.

As an example:

 ssl:connect("zimbra.erlangsystems.com", 443, [{verify,0},{ssl_imp,new}]).
{error,{eoptions,{cacertfile,[]}}}

 ssl:connect("zimbra.erlangsystems.com", 443, [{verify,0}]).             
{ok,{sslsocket,5,<0.1664.0>}}


Trying to upgrade a TCP socket, I put as cacertfile the filename of a
certificate I have on my machine, and I got the following error report:

 ssl:connect(#Port<0.3428>,[{certfile,"certs/mycert.pem"},
 {keyfile,"certs/mycert.key"},
 {cacertfile,"certs/vsign.pem"},
 {verify,0}, {ssl_imp, new}])

=ERROR REPORT==== 4-Dec-2008::17:57:05 ===
SSL: hello: ./ssl_record.erl:291:Fatal error: record_overflow


Btw, is it written anywhere in the doc that ssl needs public_key? I 
thought crypto was the only required application...

Kind regards
Francesca

-- 
Francesca Gangemi, 
Erlang Training and Consulting
http://www.erlang-consulting.com/ 
