[erlang-questions] enforcing ssl trust chain
Emile Joubert
emile@REDACTED
Mon Aug 23 19:04:10 CEST 2010
On 16/08/10 13:18, Ingela Andin wrote:
> Hi!
> 2010/8/11 Emile Joubert <emile@REDACTED>:
[...]
>> In a production environment I want to prevent clients without
>> certificates signed by a known CA from connecting. Is there any way of
>> getting this behaviour by using configuration files? The only way I can
>> find is to set verify_fun to an appropriate function, but this is
>> unappealing because I want to change my mind without needing to recompile.
>
> At the moment defining a verify fun would be your option to accomplish this.
> We might add some other configuration option if we find that it seems to be
> a good thing from a general point of view.

I've tried that, but verify_fun gets called regardless of whether verify
is set to verify_none or verify_peer. My reading of the documentation is
that certificate path validation errors should be ignored if verify_none
is set, regardless of verify_fun. Can you please confirm?

Thanks
Emile
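
One way to keep the client-certificate policy discussed in this thread in a file read at start-up rather than in compiled code, as an added example (not code from the thread or from OTP). The module name `tls_policy`, the policy file and its `require_client_cert` key are hypothetical, and the three-argument `verify_fun` form is the one in current OTP `ssl`, which may differ from the release the thread is about.

```erlang
%% Added example, not from the original thread. Assumes a hypothetical
%% terms file (read with file:consult/1) such as:
%%   {cacertfile, "/etc/myapp/ca.pem"}.
%%   {certfile,   "/etc/myapp/server.pem"}.
%%   {keyfile,    "/etc/myapp/server.key"}.
%%   {require_client_cert, true}.
-module(tls_policy).
-export([listen/2, listen_opts/1]).

%% Read the policy at start-up, so it can be changed without recompiling.
%% The ssl application must already be started.
listen(Port, PolicyFile) ->
    {ok, Terms} = file:consult(PolicyFile),
    ssl:listen(Port, listen_opts(Terms)).

%% Translate policy terms into ssl server options.
%% A missing require_client_cert key defaults to true (fail closed).
listen_opts(Terms) ->
    Base = [{K, V} || {K, V} <- Terms,
                      lists:member(K, [cacertfile, certfile, keyfile])],
    case proplists:get_value(require_client_cert, Terms, true) of
        true ->
            [{verify, verify_peer},
             {fail_if_no_peer_cert, true},   % no certificate: handshake fails
             {verify_fun, {fun strict/3, []}} | Base];
        false ->
            [{verify, verify_none} | Base]
    end.

%% Reject every path validation error instead of tolerating any of them.
strict(_Cert, {bad_cert, _} = Reason, _State) -> {fail, Reason};
%% Let ssl decide about extensions this fun does not understand.
strict(_Cert, {extension, _}, State)          -> {unknown, State};
%% Intermediate and peer certificates that validated are accepted.
strict(_Cert, valid, State)                   -> {valid, State};
strict(_Cert, valid_peer, State)              -> {valid, State}.
```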