[erlang-questions] Re: https request with checking peer

Ingela Andin ingela@REDACTED
Mon Aug 16 10:30:49 CEST 2010


Hi!

> I would be very pleased if someone pointed me to where to read. The Erlang
> SSL guide hasn't helped me =(

We are currently in the process of rewriting the documentation to fit the new
ssl implementation, I hope the upcoming documentation will be more satisfying.

> It seems that ssl:start() isn't synonymous with
> application:start(ssl).

No, it is not; since the latest version of ssl, crypto and
public_key will also be started if they are not already
started. application:start/[1,2] may be used with embedded systems and
may not start anything other than the application in question, but
ssl:start/[1,2] is a utility function often used for testing in the
shell and we wanted to make it simpler and more convenient. It probably
would be more logical to use application:start on crypto, public_key,
and ssl in a "dynamic" (not embedded) application's setup procedure, as
for cleanup you will have to stop all the applications. ssl:stop will
only stop ssl.


2010/8/12 Max Lapshin <max.lapshin@REDACTED>:
> But if I do so:
>
> ssl:start().
> inets:start().
> httpc:request(get, {"https://zzz.com", []}, [{ssl,[{verify,1}]}], []).
>
> I get response, while I want to get error: "untrusted certificate"
>
> Is there any simple way automatically check peer certificate against
> some root cert?

Well this depends on the default verify_fun. Try

VerifyFun = fun([]) ->
                    true;
               ([_|_]) ->
                    false
            end,

httpc:request(get, {"https://zzz.com", []},
              [{ssl, [{verify, 1}, {verify_fun, VerifyFun}]}], []).

I also saw there was another question about the default verify fun; I
will reply to that thread next.

Regards Ingela Erlang/OTP Team, Ericsson AB
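
The setup, verified request and cleanup discussed in this message, as an added example that is not part of the original post and not OTP's own code. It assumes a current OTP release, so it uses the present-day option names (verify_peer, cacertfile) and the three-argument verify_fun instead of the {verify,1} and error-list forms shown above. The module name, function names and the CaFile argument (a PEM file with the root certificates you trust) are hypothetical.

```erlang
-module(https_peer_check).
-export([request/2]).

%% Added example: fetch Url over HTTPS and fail unless the peer certificate
%% chains to a root in CaFile (PEM file path supplied by the caller).
request(Url, CaFile) ->
    %% Start ssl and inets together with their dependencies, and remember
    %% which applications were actually started by this call.
    {ok, StartedSsl} = application:ensure_all_started(ssl),
    {ok, StartedInets} = application:ensure_all_started(inets),
    try
        httpc:request(get, {Url, []}, [{ssl, ssl_opts(CaFile)}], [])
    after
        %% ssl:stop() stops only ssl, so stop every application started
        %% above, in reverse start order. Applications that were already
        %% running before the call are left alone.
        lists:foreach(fun application:stop/1,
                      lists:reverse(StartedSsl ++ StartedInets))
    end.

ssl_opts(CaFile) ->
    [{verify, verify_peer},               % require a valid peer certificate
     {cacertfile, CaFile},                % trusted root certificate(s)
     {verify_fun, {fun verify/3, []}}].   % fun plus initial user state

%% Reject on any path validation error, accept otherwise. This is the same
%% policy as the fun in the message (no errors -> accept, any error -> reject).
verify(_Cert, {bad_cert, _} = Reason, _State) ->
    {fail, Reason};
verify(_Cert, {extension, _}, State) ->
    {unknown, State};                     % leave unknown extensions to ssl
verify(_Cert, valid, State) ->
    {valid, State};
verify(_Cert, valid_peer, State) ->
    {valid, State}.
```

With an untrusted server certificate, request/2 returns an {error, Reason} tuple from httpc instead of a response.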

