[erlang-questions] enforcing ssl trust chain
Mon Aug 23 10:37:55 CEST 2010
On 16/08/10 13:30, Jesper Pettersson wrote:
>> My personal preference for default value was not to accept any
>> path-validation errors as default, but the motivation was that it
>> should be as easy as possible to get an ssl connection up and
>> running. I am just back from vacation and I do not remember
>> all the details of the discussion. We are of course interested in all
>> user feedback we can get.
>> So if you have any arguments for or against please let us know.
> In my opinion the default behavior should be very strict with regards to
> certificate validation.
I agree with Jesper - the default should be strict and a relaxed mode
should be available as a configuration option.
Thanks for confirming that overriding the verify_fun is currently the
best way of achieving a configuration more suitable for a production
More information about the erlang-questions