[erlang-questions] Re: https request with checking peer
Ingela Andin
ingela@REDACTED
Mon Aug 16 10:30:49 CEST 2010
Hi!
> I would be very pleased, if someone points me where to read. Erlang
> SSL guide haven't helped me =(
We are currently in the process of rewriting the documentation to fit the new
ssl implementation, I hope the upcoming documentation will be more satisfying.
> It seems that ssl:start() isn't synonymous with
> application:start(ssl).
No it is not, since the latest version off ssl also crypto and
public_key will also be started if the are not already
started. application:start/[1,2] may be used with embedded systems and
may not start anything else then the application in question, but
ssl:start/[1,2] is a utility function often used for testing in the
shell and we wanted to make it simpler and more convenient. It probably
would be more logical to use application:start on crypto, public_key,
and ssl in a "dynamic" (not embedded) applications setup procedure, as
for clean up you will have to stop all the applications. ssl:stop will
only stop ssl.
2010/8/12 Max Lapshin <max.lapshin@REDACTED>:
> But if I do so:
>
> ssl:start().
> inets:start().
> httpc:request(get, {"https://zzz.com", []}, [{ssl,[{verify,1}]}], []).
>
> I get response, while I want to get error: "untrusted certificate"
>
> Is there any simple way automatically check peer certificate against
> some root cert?
Well this depends on the default verify_fun. Try
VerifyFun = fun([]) ->
true;
([_| _]) ->
false
end,
httpc:request(get, {"https://zzz.com", []}, [{ssl,[{verify,1},
{verify_fun, VerifyFun}]}], []).
I also saw there was an other question about the default verify fun, I
will reply to that thread next.
Regards Ingela Erlang/OTP Team, Ericsson AB
More information about the erlang-questions
mailing list