[erlang-questions] SSL: "unknown ca"

Eric Pailleau eric.pailleau@REDACTED
Sat Jan 31 18:48:08 CET 2015


From Erlang dicumentation :

Do the ssl handshake.

5 server> {ok, SSLSocket} = ssl:ssl_accept(Socket, [{cacertfile, "cacerts.pem"}, {certfile, "cert.pem"}, {keyfile, "key.pem"}]). {ok,{sslsocket,[...]}}

did you supplied the cacertfile tuple ?

« Envoyé depuis mon mobile » Eric

e@REDACTED a écrit :

>On 01/31/2015 12:40 PM, Eric Pailleau wrote:
>> I meant that you cannot authenticate a self signed cert
>
>true. i can not and i do not want to.
>and an important part of the confusion raised by the error message ids 
>"why it allegedly tried to verify the certificate i already claimed as 
>trustworthy as myself?"
>
>this error seems to be caused by the chain verification procedure,
>but *i didn't ask to run this procedure*
>
>so the pragmatic aspect of my question is "how to suppress this unwanted 
>behavior", but i prefer to understand the implementation and the error 
>messages, in order to prevent similar errors in the future.
>
>
>> unless you stored it your self as secure.
>
>that's exactly what i did with openssl last night.
>now openssl (being called from the command line) "trusts" all my certs
>but the erlang's error _persists_.
>
>_______________________________________________
>erlang-questions mailing list
>erlang-questions@REDACTED
>http://erlang.org/mailman/listinfo/erlang-questions


More information about the erlang-questions mailing list