[erlang-questions] SSL: "unknown ca"

zxq9 zxq9@REDACTED
Sat Jan 31 02:54:54 CET 2015


On 2015年1月31日 土曜日 02:41:35 e@REDACTED wrote:
> On 01/31/2015 02:37 AM, zxq9 wrote:
> > On 2015年1月31日 土曜日 02:13:39 e@REDACTED wrote:
> >> On 01/31/2015 02:09 AM, PAILLEAU Eric wrote:
> >>>> trusted by WHOM?
> >>>> what particular application makes a decision to throw me an error?
> >>> 
> >>> Trusted by you for sure.
> >> 
> >> pardon me, i think puns are not very productive.
> >> 
> >>> The error is raised by openssl.
> >> 
> >> well, i guess there MUST BE a way to suppress this "wise" behavior.
> >> is there any docs, describing relations between erlang's "ssl" and
> >> openssl? how is it called? when? and what options are fed to openssl?
> >> 
> >> maybe there is plain and simple switch "do not verify"?
> > 
> > This has been the reality sand in the CA pudding since the beginning.
> > 
> > You have a choice: verify every CA yourself (which pretty much relegates
> > you to only using CAs you or people you actually know generate), or trust
> > the general bundle that groups like OpenSSL, Mozilla, Google, Microsoft,
> > etc. generally trust together.
> 
> You missed one important option: I shall trust MYSELF and it is exactly
> my case.
> i do not want my own certificate to be validated against my own authority.
> you see?

lol wut?

These two sentences are so perfectly misconstructed in the context of this 
discussion that I'm having serious doubts as to your intent.



More information about the erlang-questions mailing list