[erlang-questions] Enabling SSL CRL revocation validation for secure URLS in Erlang
Soumya Shankar Sardar
soumya.shankar.sardar@REDACTED
Wed May 30 11:04:23 CEST 2018
Hi ,
Need some help on SSL CRL revocation validation enabled for HTTPS in Erlang code.
1) using httpc.requests to access the secure URL.
2) In the SSL options, we have made {verify:verify_peer} and {crl_check:peer}.
3) Also we have added the CRL file in local cache by ssl_crl_cache:insert(file). CRL file is downloaded from CDP via http.
Questions
1) With above setup the CRL validation not failing for revoked URL. Any idea if the approach is wrong. we followed the erlang.org docs.
2) Also how we can extend this when there is a CDP[CRL distribution point] to get the dynamic CRL file.
3) And how to do above with CDP URL embedded in Server hello message in the SSL negotiation.
It will be great to see a sample code with CRL validation in Erlang for SSL HTTP access. We are using Erlang/OTP 18.1.
All comments are welcome :)
Regards
Soumya
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20180530/752d0a39/attachment.htm>
More information about the erlang-questions
mailing list