[erlang-questions] https request certificate validation

Mon Apr 18 19:11:08 CEST 2011

Hi.
So I want request to fail if server certificate is self-signed.
I tried different options but no luck.

-module(tst).
-compile(export_all).

get(Url, Opt)->
    case http:request(get, {Url, []}, Opt,[]) of
        {ok, {H,_Headers,_Response}} ->
            {ok , H};
        O -> O
    end.

g()->
    inets:start(),
    ssl:start(),
    http:set_options([{max_
sessions, 0}
                      ,{max_keep_alive_length, 0}
%                      ,{verbose, verbose}
                      ]),
    Opts = [[{ssl,[{verify, verify_peer}]}]
            ,[{ssl,[{verify, verify_peer}]}]
            ,[{ssl,[{verify, 2}]}]
            ,[{ssl,[{verify, 1}]}]
            ,[{ssl,[{verify, 0}]}]
            ,[{ssl,[{verify, verify_peer}]}]
            ],
    io:format("~p~n",[[get("https://localhost", O) || O <- Opts]]),
    io:format("~p~n",[[get("https://mail.google.com/mail/ <http://../../>",
O) || O <- Opts]]),
    init:stop().

Typical output:
[{error,{connect_failed,eoptions}},
 {error,{connect_failed,eoptions}},
 {ok,{"HTTP/1.1",200,"OK"}},
 {ok,{"HTTP/1.1",200,"OK"}},
 {ok,{"HTTP/1.1",200,"OK"}},
 {error,{connect_failed,eoptions}}]
[{error,{connect_failed,eoptions}},
 {error,{connect_failed,eoptions}},
 {ok,{"HTTP/1.1",200,"OK"}},
 {ok,{"HTTP/1.1",200,"OK"}},
 {ok,{"HTTP/1.1",200,"OK"}},
 {ok,{"HTTP/1.1",200,"OK"}}]

Note the 'verify_peer' variant. It fails unregularly independеntly of
certificate validity.
Erlang versions under consideration:
R13B03@REDACTED ubuntu
R14B02@REDACTED
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20110418/2c75a657/attachment.htm>