[erlang-questions] ssl:peercert returns no_peercert on server, but works on client

Ingela Andin <>
Fri Nov 23 10:25:39 CET 2012


Hello again!

I hit the send button by accident before I was finished ...

[..]

> Why do you not validate the certificate in the veryify_fun as part of
> the path_validation?
> And why do you specify a verify_fun that accepts all standard
> certificates path errors
> that is not very safe!
>
> fun(_,{bad_cert, _} = Reason, _) ->
> 	 {fail, Reason};
>     (_,{extension, _}, UserState) ->
> 	 {unknown, UserState};
>     (_, valid, UserState) ->
> 	 {valid, UserState};
>     (PeerCert, valid_peer, UserState) ->
       %% Here you can do verifications of the peer cert
>  {valid, UserState}
>  end, []}

Regards Ingela Erlang/OTP team - Ericsson AB



More information about the erlang-questions mailing list