[erlang-questions] SSL client verification for self-signed certificates

Dmitry Russ <>
Tue Jan 26 10:40:53 CET 2016


Hi,

I try to check client certificate verification using selfsigned server
certificates.

I try to use it:

ssl:connect("localhost", 8443, [binary, {verify, verify_peer}, {cacertfile,
"cert.pem"}], 60000)
> {:error, {:tls_alert, 'bad certificate'}}

After tracing, I got:
public_key.pkix_path_validation/3 -> {error, {bad_cert, selfsigned_peer}}

If I try to exclude this error, by rewriting verify fun, which allow for
this error to be a valid certificate, than all selfsigned certificates
simply accepted, it doesn't check it anymore.

Is it possible somehow to verify server self-signed certificate?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20160126/9111d15c/attachment.html>


More information about the erlang-questions mailing list