[erlang-questions] ssl certificate verification in httpc
Roger Lipscombe
roger@REDACTED
Thu Jul 17 10:18:17 CEST 2014
On 17 July 2014 08:42, Graham Hay <grahamrhay@REDACTED> wrote:
> https://www.owasp.org/index.php/Certificate_and_Public_Key_Pinning
Absolutely. Certificate pinning helps to mitigate the risk from "bad"
CAs: either a compromised CA issues bogus certificates, or you've got
a bogus CA installed in your root store. But it still doesn't detract
from my point:
**Always verify the server certificate**
More information about the erlang-questions
mailing list