[erlang-questions] enforcing ssl trust chain

Emile Joubert
Mon Aug 23 10:37:55 CEST 2010


On 16/08/10 13:30, Jesper Pettersson wrote:
>> My personal preference for default value was not to accept any
>> path-validation errors as default, but the motivation was that it
>> should be as easy as possible to get an ssl connection up and
>> running. I am just back from vacation and I do not remember
>> all the details of the discussion.  We are of course interested in all
>> user feedback we can get.
>> So if you have any arguments for or against please let us know.
> 
> In my opinion the default behavior should be very strict with regard to
> certificate validation.

I agree with Jesper - the default should be strict and a relaxed mode
should be available as a configuration option.

Thanks for confirming that overriding the verify_fun is currently the
best way of achieving a configuration more suitable for a production
environment.

Thanks

Emile
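
A strict `verify_fun` of the kind discussed in this thread, as an added example that is not part of the original message or of OTP's own code. It assumes the three-argument callback form documented for current OTP `ssl` releases, which may differ from the API available in 2010; the module name `strict_tls`, the `connect/3` wrapper, the depth of 3 and the 5000 ms timeout are illustrative choices.

```erlang
-module(strict_tls).
-export([connect/3, strict_verify/3]).

%% Added example. Callback shape assumed here:
%%   {verify_fun, {fun(Cert, Event, UserState) -> Result, InitialUserState}}
%% where Result is {valid, State} | {fail, Reason} | {unknown, State}.

%% Any path-validation error ends the handshake. A relaxed policy would
%% return {valid, State} here for selected errors; this one tolerates none.
strict_verify(_Cert, {bad_cert, _} = Reason, _State) ->
    {fail, Reason};
%% Extension this callback does not interpret: hand it back to the ssl
%% application instead of silently accepting it.
strict_verify(_Cert, {extension, _Ext}, State) ->
    {unknown, State};
%% A CA certificate in the chain passed validation.
strict_verify(_Cert, valid, State) ->
    {valid, State};
%% The peer (leaf) certificate passed validation.
strict_verify(_Cert, valid_peer, State) ->
    {valid, State}.

%% Host and Port identify the server; CaCertFile is a PEM file holding the
%% trusted root certificates (all three are supplied by the caller).
connect(Host, Port, CaCertFile) ->
    {ok, _Started} = application:ensure_all_started(ssl),
    ssl:connect(Host, Port,
                [{verify, verify_peer},          % validate the peer's chain
                 {cacertfile, CaCertFile},       % trust anchors
                 {depth, 3},                     % cap on intermediate CAs (illustrative)
                 {verify_fun, {fun strict_verify/3, []}}],
                5000).                           % handshake timeout in ms
```

With this callback a chain that does not validate against `CaCertFile` makes `ssl:connect/4` return `{error, Reason}` instead of an open socket.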

