[erlang-questions] ssl get server certificates

Andrew Thompson <>
Tue Jan 28 17:52:01 CET 2014


On Tue, Jan 28, 2014 at 06:18:41PM +0200, Dmitry Kolesnikov wrote:
> Hello,
> 
> I was trying to google the issue and browse through the list archive but have not found an answer to my questions.
> I am trying to read all certificates transmitted by server during SSL negotiation. 
> It looks for me that ssl:peercert(…) returns only “leaf” certificate. 
> 
> e.g. I am doing https://www.google.com connection. Wireshark shows multiple certificate(s) with total size about 7K but ssl:percent(…) returns only 1.1K “leaf” certification.   
> 
> May be one option is custom verify_certificate implementation!?  
> 

Yes a custom verify function is passed all the certificates the server
provides to verify the chain:

https://github.com/Vagabond/erl_crl_example/blob/master/src/client.erl#L90-L99

valid_peer is the peer certificate and valid are the server
certificates.

Andrew


More information about the erlang-questions mailing list