[erlang-questions] SSL: SSL_set_verify callback (Nicola Lugato)

Ingela Anderton Andin <>
Wed Feb 4 08:35:43 CET 2009


Hi!

Nicola Lugato wrote:
> Hello, could you update me on this issue?
> What's the status of the new implementation? (btw, is it the "new_ssl" 
> explained here http://erlang.org/doc/man/new_ssl.html or something else?)
Yes it is the ssl explained there. There will be a new version in in the 
R13 release sometime in the end of Mars that will include possibilities to
do such things that you want.  New ssl  will still  not be a 100 % 
complete but there will be a possibility to add handling of policy and 
CRL-list cert extensions
yourself if you have critical extensions of that kind.

Regards - Ingela Erlang/OTP, Ericsson

>
> Many thanks, Nicola
> On Mon, Jul 28, 2008 at 2:33 PM, Ingela Anderton Andin 
> < <mailto:>> wrote:
>
>     Hi,
>
>     I am not sure that the existing Erlang API towards openssl lets
>     you get
>     at this functionallity, however we are working
>     on a new ssl-implementation,  that does not use openssl for
>     communication only for cryptographics,
>     where you will be able to do the corresponding. I can not make any
>     promises regarding when we
>     can release this but it is in the pipeline and should be ready in
>     a not
>     too distant future. There is a beta-version  of new ssl in R12B
>     but you would have to hack it as that functionality is not yet
>     included
>     in the API.  (That code has also changed quite a lot since  the R12B
>     release)
>
>     Regards - Ingela Erlang/OTP, Ericsson
>
>
>     > >>>
>     > >>> Hello,
>     > >>>  i'm considering porting some code of mine to erlang. It's a
>     network
>     > >>> server that uses SSL.
>     > >>> It makes use of the callback that you can specify on
>     SSL_set_verify (and
>     > >>> similar) to check if a peer is allowed to connect, based on
>     data in its
>     > >>> certificate.
>     > >>>
>     > >>> (see: http://www.openssl.org/docs/ssl/SSL_CTX_set_verify.html)
>     > >>>
>     > >>> I've checked the documentation of the SSL application in Erlang
>     > >>> (http://www.erlang.org/doc/apps/ssl/index.html), but i
>     couldn't find a way
>     > >>> to supply such a callback. Is it possible?
>     > >>> This is a fundamental feature of my server so it would be a
>     blocking
>     > >>> problem.
>     > >>>
>     > >>> Thanks, Nicola
>     >
>
>     _______________________________________________
>     erlang-questions mailing list
>      <mailto:>
>     http://www.erlang.org/mailman/listinfo/erlang-questions
>
>




More information about the erlang-questions mailing list