[erlang-questions] SSL: SSL_set_verify callback

Nicola Lugato <>
Mon Jul 14 20:36:45 CEST 2008


igwan, how do you accept generic connections? I'm making some tests,
but even with verify=0 it searches for the cacert file and rejects any
attempt with the following error:

** exited: {{badmatch,{error,'unknown:0'}},
            [{client_server,start,1},
             {erl_eval,do_apply,5},
             {shell,exprs,6},
             {shell,eval_loop,3}]} **

On Wed, Jul 9, 2008 at 9:16 PM, Nicola Lugato <> wrote:
> Hi igwan,
> that's exactly what I have to do, testing the hash of the certificate against
> a database, but i need to block them at the accept phase, not after
> connection.
> Thanks.
>
> On Wed, Jul 9, 2008 at 8:40 PM, igwan <> wrote:
>>
>> Hi,
>>
>> I don't know if it fits your goals exactly but you could use
>> ssl:peercert(Socket) when connection is established and drop it if
>> appropriate. I used this to match (an MD5 of) the client's certificate
>> against a list of permitted users in database.
>>
>> igwan
>>
>> Nicola Lugato wrote :
>>>
>>> Hello,
>>>  I'm considering porting some code of mine to Erlang. It's a network
>>> server that uses SSL.
>>> It makes use of the callback that you can specify on SSL_set_verify (and
>>> similar) to check if a peer is allowed to connect, based on data in its
>>> certificate.
>>>
>>> (see: http://www.openssl.org/docs/ssl/SSL_CTX_set_verify.html)
>>>
>>> I've checked the documentation of the SSL application in Erlang
>>> (http://www.erlang.org/doc/apps/ssl/index.html), but I couldn't find a way
>>> to supply such a callback. Is it possible?
>>> This is a fundamental feature of my server so it would be a blocking
>>> problem.
>>>
>>> Thanks, Nicola
>>
>
>
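
Added example, not part of the original thread or anyone's posted code: the approach igwan describes, written against the current OTP ssl API. It completes the handshake, reads the peer certificate with ssl:peercert/1, and closes the socket unless the certificate's fingerprint is on an allow list. Assumptions: the module name, function names and the in-memory Allowed list are hypothetical, SHA-256 replaces the MD5 mentioned in the post, and the listen socket was opened with {verify, verify_peer} so the client is asked for a certificate.

```erlang
-module(peer_pin).
-export([accept_pinned/2, fingerprint/1, permitted/2]).

%% SHA-256 fingerprint of a DER-encoded certificate, as a lowercase hex binary.
fingerprint(Der) when is_binary(Der) ->
    << <<(hex(N))>> || <<N:4>> <= crypto:hash(sha256, Der) >>.

hex(N) when N < 10 -> $0 + N;
hex(N) -> $a + N - 10.

%% Allowed is a list of hex fingerprints (hypothetical stand-in for the
%% database lookup mentioned in the thread).
permitted(Der, Allowed) ->
    lists:member(fingerprint(Der), Allowed).

%% Accept one connection on ListenSocket. Returns {ok, Socket} only when the
%% peer presented a certificate whose fingerprint is in Allowed; in every
%% other case the connection is closed and an error tuple is returned.
accept_pinned(ListenSocket, Allowed) ->
    {ok, Pending} = ssl:transport_accept(ListenSocket),
    case ssl:handshake(Pending) of
        {ok, Socket} ->
            case ssl:peercert(Socket) of
                {ok, Der} ->
                    case permitted(Der, Allowed) of
                        true ->
                            {ok, Socket};
                        false ->
                            ssl:close(Socket),
                            {error, not_permitted}
                    end;
                {error, Reason} ->
                    %% The peer sent no certificate (or it could not be read):
                    %% treat this as a rejection, never as an anonymous accept.
                    ssl:close(Socket),
                    {error, {no_peer_certificate, Reason}}
            end;
        {error, Reason} ->
            {error, {handshake_failed, Reason}}
    end.
```

The rejection here happens only after the TLS handshake has completed, which is the limitation raised in the reply of Jul 9.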


