[erlang-questions] SSL: "unknown ca"
Eric Pailleau
eric.pailleau@REDACTED
Sat Jan 31 19:06:56 CET 2015
For your other remarks,
you did not ask to run this procedure, but it is the normal procedure if you do SSL client authentication. SSL is nice for hiding exchanges between a client and server from listeners, but if you do not authenticate the client, you can hide exchanges between your server and a hacker.
Disabling the normal procedure, by coding your own OpenSSL verification callback, is possible but not recommended unless you have strong experience.
Btw, I do recommend using a CA with a long life, and certificates with shorter lives.
Otherwise you will have to update your CA bundle with your self-signed cert each time your self-signed cert expires.
« Sent from my mobile » Eric