public_key and ssl question
Andreas Schultz
aschultz@REDACTED
Mon Feb 28 10:21:46 CET 2011
Hi,
I have been playing with the public_key, crypto and ssl apps a bit.
What struck me as odd is that X.509 certificates are only partially
decoded. public_key:pkix_decode_cert/2 will return many of the fields
undecoded. This leads to my first question:
Is the partial decoding on purpose (maybe to simplify things or save
memory/CPU cycles) or just not completed yet?
And second:
Since the common name (CN) of a certificate is not decoded, how will
an SSL client verify the identity of an SSL server?
Looking through the SSL code I can see that the certificate chain itself
will be verified (the verify_peer result), but the common name is not
checked as far as I can tell.
Andreas
--
Dipl. Inform.
Andreas Schultz
email: as@REDACTED
phone: +49-391-819099-224
mobil: +49-170-2226073
------------------ managed broadband access ------------------
Travelping GmbH phone: +49-391-8190990
Roentgenstr. 13 fax: +49-391-819099299
D-39108 Magdeburg email: info@REDACTED
GERMANY web: http://www.travelping.com
Company Registration: Amtsgericht Stendal Reg No.: HRB 10578
Geschaeftsfuehrer: Holger Winkelmann | VAT ID No.: DE236673780
--------------------------------------------------------------