[erlang-questions] Example use of public_key:pkix_crls_validate?

Roger Lipscombe <>
Thu Mar 24 21:22:33 CET 2016


I have a requirement to implement client certificate revocation in my
server. Because we use a custom CA, we don't have a convenient way to
implement OCSP, so I'm looking at using locally-stored CRLs.

I found http://erlang.org/doc/man/public_key.html#pkix_crls_validate-3
which sounds like it would be useful, but the documentation is ...
sparse.

Are there any good examples of using this function?

More generally, are there any good examples of custom verify_fun
implementations? My use case for the second is verifying a client
certificate to ensure that it has the expected CN and uses a SHA-256
hash.

Or am I going to have to write one myself...? :-)


More information about the erlang-questions mailing list