[erlang-questions] SSL: "unknown ca"

e@REDACTED e@REDACTED
Sat Jan 31 02:41:35 CET 2015


On 01/31/2015 02:37 AM, zxq9 wrote:
> On 2015年1月31日 土曜日 02:13:39 e@REDACTED wrote:
>> On 01/31/2015 02:09 AM, PAILLEAU Eric wrote:
>>>> trusted by WHOM?
>>>> what particular application makes a decision to throw me an error?
>>>
>>> Trusted by you for sure.
>>
>> pardon me, i think puns are not very productive.
>>
>>> The error is raised by openssl.
>>
>> well, i guess there MUST BE a way to suppress this "wise" behavior.
>> is there any docs, describing relations between erlang's "ssl" and
>> openssl? how is it called? when? and what options are fed to openssl?
>>
>> maybe there is plain and simple switch "do not verify"?
>
> This has been the reality sand in the CA pudding since the beginning.
>
> You have a choice: verify every CA yourself (which pretty much relegates you
> to only using CAs you or people you actually know generate), or trust the
> general bundle that groups like OpenSSL, Mozilla, Google, Microsoft, etc.
> generally trust together.

You missed one important option: I shall trust MYSELF and it is exactly 
my case.
i do not want my own certificate to be validated against my own authority.
you see?




More information about the erlang-questions mailing list