[erlang-questions] enforcing ssl trust chain

Hynek Vychodil hynek@REDACTED
Mon Aug 23 11:31:11 CEST 2010


http://www.eff.org/observatory

It's not fully on topic, but there is a big overlap.

On Mon, Aug 23, 2010 at 10:37 AM, Emile Joubert <emile@REDACTED> wrote:
> On 16/08/10 13:30, Jesper Pettersson wrote:
>>> My personal preference for default value was not to accept any
>>> path-validation errors as default, but the motivation was that it
>>> should be as easy as possible to get an ssl connection up and
>>> running. I am just back from vacation and I do not remember
>>> all the details of the discussion.  We are of course interested in all
>>> user feedback we can get.
>>> So if you have any arguments for or against please let us know.
>>
>> In my opinion the default behavior should be very strict with regards to
>> certificate validation.
>
> I agree with Jesper - the default should be strict and a relaxed mode
> should be available as a configuration option.
>
> Thanks for confirming that overriding the verify_fun is currently the
> best way of achieving a configuration more suitable for a production
> environment.
>
> Thanks
>
> Emile



-- 
--Hynek (Pichi) Vychodil

Analyze your data in minutes. Share your insights instantly. Thrill
your boss.  Be a data hero!
Try GoodData now for free: www.gooddata.com
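
The strict configuration discussed in this thread, as an added example that is not part of the original messages or of OTP itself. It assumes the three-argument `verify_fun` form of the OTP `ssl` application, which may differ from the release the thread refers to; the module name, `CACertFile`, the depth and the timeout are assumptions.

```erlang
-module(strict_tls).
-export([strict_opts/1, relaxed_opts/0, connect/3]).

%% Strict: any path-validation error aborts the handshake.
%% CACertFile is a caller-supplied PEM bundle of trusted roots (assumption).
strict_opts(CACertFile) ->
    [{verify, verify_peer},
     {cacertfile, CACertFile},
     {depth, 3},                                  % assumed limit on intermediate CAs
     {verify_fun, {fun strict_verify/3, []}}].

%% Called by ssl for each certificate in the chain.
strict_verify(_Cert, {bad_cert, _} = Reason, _State) ->
    {fail, Reason};                               % e.g. unknown_ca, cert_expired, selfsigned_peer
strict_verify(_Cert, {extension, _}, State) ->
    {unknown, State};                             % leave unknown extensions to ssl's own handling
strict_verify(_Cert, valid, State) ->
    {valid, State};                               % intermediate or root certificate passed
strict_verify(_Cert, valid_peer, State) ->
    {valid, State}.                               % peer certificate passed

%% Relaxed mode, shown only for contrast: the peer certificate is not
%% verified, so the connection is encrypted but not authenticated.
relaxed_opts() ->
    [{verify, verify_none}].

%% Open a client connection that fails unless the whole chain validates.
connect(Host, Port, CACertFile) ->
    {ok, _} = application:ensure_all_started(ssl),
    ssl:connect(Host, Port, strict_opts(CACertFile), 5000).
```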

