[erlang-questions] ssl certificate verification in httpc

Roger Lipscombe roger@REDACTED
Thu Jul 17 10:18:17 CEST 2014

On 17 July 2014 08:42, Graham Hay <grahamrhay@REDACTED> wrote:
> https://www.owasp.org/index.php/Certificate_and_Public_Key_Pinning

Absolutely. Certificate pinning helps to mitigate the risk from "bad"
CAs: either a compromised CA issues bogus certificates, or you've got
a bogus CA installed in your root store. But it still doesn't detract
from my point:

**Always verify the server certificate**

More information about the erlang-questions mailing list