inetc / ssl problem
Ingela Andin
ingela.andin@REDACTED
Thu Sep 2 14:20:40 CEST 2021
Hi!
Because you are just enforcing the insecure default of not verifying the
certificate path!
If you want to get rid of the warning you need to use {verify, verify_peer}
and then you also need
to supply some trusted certs. One of the reasons for the default is just
that, that the secure way requires more config.
Regards Ingela Erlang/OTP Team - Ericsson AB
Den tors 2 sep. 2021 kl 14:07 skrev Eckard Brauer <eckard.brauer@REDACTED>:
> Hello,
>
> I'm bit stuck with trying to avoid an ssl warning when retrieving a
> HTTPS page like that:
>
> ssl:start(),
> inets:start(),
> Url = "https://www.heise.de/newsticker",
> {ok, {{_, 200,__}, _, Contents}} =
> httpc:request(get,
> {Url, []},
> [{ssl, [{verify, verify_none}]}],
> []).
>
> getting that:
> =WARNING REPORT==== 2-Sep-2021::13:46:08.010679 ===
> Description: "Authenticity is not established by certificate path
> validation"
> Reason: "Option {verify, verify_peer} and cacertfile/cacerts is
> missing"
> ...
>
>
> What's the reason the warning won't go away with the ssl verify option -
> where's my fault?
>
> Thanks in advance
> Eckard
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20210902/0d17ac62/attachment.htm>
More information about the erlang-questions
mailing list