[erlang-questions] enforcing ssl trust chain
Hynek Vychodil
hynek@REDACTED
Mon Aug 23 11:31:11 CEST 2010
http://www.eff.org/observatory
It's not fully on topic, but there is a big overlap.
On Mon, Aug 23, 2010 at 10:37 AM, Emile Joubert <emile@REDACTED> wrote:
> On 16/08/10 13:30, Jesper Pettersson wrote:
>>> My personal preference for default value was not to accept any
>>> path-validation errors as default, but the motivation was that it
>>> should be as easy as possible to get an ssl connection up and
>>> running. I am just back from vacation and I do not remember
>>> all the details of the discussion. We are of course interested in all
>>> user feedback we can get.
>>> So if you have any arguments for or against please let us know.
>>
>> In my opinion the default behavior should be very strict with regards to
>> certificate validation.
>
> I agree with Jesper - the default should be strict and a relaxed mode
> should be available as a configuration option.
>
> Thanks for confirming that overriding the verify_fun is currently the
> best way of achieving a configuration more suitable for a production
> environment.
>
> Thanks
>
> Emile
>
--
--Hynek (Pichi) Vychodil
Analyze your data in minutes. Share your insights instantly. Thrill
your boss. Be a data hero!
Try GoodData now for free: www.gooddata.com
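
A strict verify_fun of the kind discussed in the quoted messages, as an added example that is not part of the original thread or of OTP's own code. It assumes the three-argument verify_fun form documented for current OTP ssl releases (the thread does not show which form was in use); the module name strict_tls and the connect/3 helper are hypothetical.

```erlang
-module(strict_tls).
-export([connect/3, verify/3]).

%% Strict path validation: any error reported while validating the
%% chain aborts the handshake. A relaxed callback would instead
%% return {valid, State} for selected {bad_cert, _} reasons.
verify(_Cert, {bad_cert, _} = Reason, _State) ->
    %% expired, unknown CA, self-signed peer, bad signature, ...
    {fail, Reason};
verify(_Cert, {extension, _}, State) ->
    %% We do not interpret any extensions ourselves; returning
    %% unknown leaves the decision to ssl, which rejects the
    %% certificate if the extension is marked critical.
    {unknown, State};
verify(_Cert, valid, State) ->
    %% An intermediate or root certificate passed validation.
    {valid, State};
verify(_Cert, valid_peer, State) ->
    %% The peer (leaf) certificate passed validation.
    {valid, State}.

%% Host is a DNS name string, Port an integer, CaCertFile the path
%% to a PEM file holding the trusted CA certificates (assumed to be
%% supplied by the caller).
connect(Host, Port, CaCertFile) ->
    {ok, _} = application:ensure_all_started(ssl),
    Opts = [{verify, verify_peer},
            {cacertfile, CaCertFile},
            {verify_fun, {fun ?MODULE:verify/3, []}}],
    %% Returns {ok, Socket} or {error, Reason}; with the callback
    %% above, a chain that fails validation yields {error, _}.
    ssl:connect(Host, Port, Opts, 5000).
```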