[erlang-questions] ssl certificate verification in httpc

Camille Troillard lists@REDACTED
Tue Jul 15 16:41:49 CEST 2014

Hi Robert,

> SSL essentially does two things at once: encrypts the data and checks if client and/or server are who they say they are. The latter is where certificate verification comes into play, the encryption part is always done and usually automatically negotiated between client and server.
> So, if all you are aiming for is encrypting the data travelling between client and server, then you don't need the ssl option. Just point your httpc:request at an "https://..." URL and the encryption is handled for you without you having to do anything more.

I think this works only if you trust your DNS, otherwise you have to check that the certificate matches the host.
Please correct me if I’m wrong.


More information about the erlang-questions mailing list