[erlang-questions] erlang SSL client verification for self-signed certificates

Dmitry Aleksandrov <>
Mon Jan 25 19:57:48 CET 2016


I have a question, I try to check client certificate verification using
selfsigned server certificates.

I'll try to use it:

ssl:connect("localhost", 8443, [binary, {verify, verify_peer}, {cacertfile,
"cert.pem"}], 60000)
> {:error, {:tls_alert, 'bad certificate'}}

After tracing, I got:
public_key.pkix_path_validation/3 -> {error, {bad_cert, selfsigned_peer}}

If I try to exclude this error, by rewriting verification fun, which allow
this fun to be a valid, than all certificates are accepted. Is it possible
somehow to verify server self-signed certificate?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20160125/9c93ded9/attachment.html>

More information about the erlang-questions mailing list