[erlang-questions] SSL: SSL_set_verify callback
Wed Jul 9 20:40:47 CEST 2008
I don't know if it fits your goals exactly but you could use
ssl:peercert(Socket) when connection is established and drop it if
appropriate. I used this to match (a MD5 of) the client's certificate
against a list of permitted users in database.
Nicola Lugato wrote :
> i'm considering porting some code of mine to erlang. It's a network
> server that uses SSL.
> It makes use of the callback that you can specify on SSL_set_verify
> (and similar) to check if a peer is allowed to connect, based on data
> in its certificate.
> (see: http://www.openssl.org/docs/ssl/SSL_CTX_set_verify.html)
> I've checked the documentation of the SSL application in Erlang
> (http://www.erlang.org/doc/apps/ssl/index.html), but i couldn't find a
> way to supply such a callback. Is it possible?
> This is a fundamental feature of my server so it would be a blocking
> Thanks, Nicola
More information about the erlang-questions