[erlang-questions] SSL: "unknown ca"

Eric Pailleau eric.pailleau@REDACTED
Sat Jan 31 19:06:56 CET 2015


For your other remarks,
you did not ask to run this procedure, but it is the normal procedure if you do SSL client authentication. SSL is nice to hide exchanges between a client and server from listeners, but if you do not authenticate the client, you can hide exchanges between your server and a hacker.

Disabling the normal procedure, by coding your own openssl verification callback, is possible but not recommended unless you have strong experience.
Btw, I do recommend using a CA with a long life, and certificates with shorter lives.
Otherwise you will have to update your CA bundle with your self-signed cert, each time your self-signed cert expires.


« Sent from my mobile » Eric
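
The long-lived CA and shorter-lived certificates recommended above, as an added example that is not part of the original message: the server's CA bundle holds only the CA certificate, so a renewed client certificate verifies without touching the bundle, while a self-signed certificate does not. It assumes the `openssl` command-line tool is installed; the subject names, file names and lifetimes (3650 and 90 days) are constructed for illustration.

```shell
#!/bin/sh
# Added example: long-lived private CA, short-lived client certificates.
# All names, paths and lifetimes below are constructed, not from the thread.

make_ca() {                 # $1 = work dir; CA valid for about 10 years
    openssl req -x509 -newkey rsa:2048 -nodes \
        -keyout "$1/ca.key" -out "$1/ca.pem" \
        -days 3650 -subj "/CN=Example Test CA" 2>/dev/null
}

issue_client_cert() {       # $1 = work dir, $2 = name; valid for 90 days
    openssl req -newkey rsa:2048 -nodes \
        -keyout "$1/$2.key" -out "$1/$2.csr" -subj "/CN=$2" 2>/dev/null &&
    openssl x509 -req -in "$1/$2.csr" \
        -CA "$1/ca.pem" -CAkey "$1/ca.key" -CAcreateserial \
        -out "$1/$2.pem" -days 90 2>/dev/null
}

make_self_signed() {        # $1 = work dir, $2 = name; no CA involved
    openssl req -x509 -newkey rsa:2048 -nodes \
        -keyout "$1/$2.key" -out "$1/$2.pem" \
        -days 90 -subj "/CN=$2" 2>/dev/null
}

verify_against_bundle() {   # $1 = CA bundle, $2 = certificate to check
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

demo() {
    d=$(mktemp -d) || return 1
    make_ca "$d" || return 1
    # bundle.pem stands for the file the server's cacertfile option names.
    cp "$d/ca.pem" "$d/bundle.pem"
    issue_client_cert "$d" client-first &&
        verify_against_bundle "$d/bundle.pem" "$d/client-first.pem" &&
        echo "first client cert: trusted"
    # Renewal: new key and cert from the same CA, bundle.pem unchanged.
    issue_client_cert "$d" client-renewed &&
        verify_against_bundle "$d/bundle.pem" "$d/client-renewed.pem" &&
        echo "renewed client cert: trusted, bundle untouched"
    # A self-signed cert is rejected unless it is itself put in the bundle.
    make_self_signed "$d" selfsigned &&
        ! verify_against_bundle "$d/bundle.pem" "$d/selfsigned.pem" &&
        echo "self-signed cert: rejected (unknown CA)"
    rm -rf "$d"
}
demo
```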

