Hi igwan,<br>that's exactly what I have to do, testing the hash of the certificate against a database, but I need to block them at the accept phase, not after connection.<br>Thanks.<br><br><div class="gmail_quote">On Wed, Jul 9, 2008 at 8:40 PM, igwan &lt;<a href="mailto:igwan@free.fr">igwan@free.fr</a>&gt; wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">Hi,<br>
<br>
I don't know if it fits your goals exactly but you could use ssl:peercert(Socket) when the connection is established and drop it if appropriate. I used this to match (an MD5 of) the client's certificate against a list of permitted users in database.<br>
<br>
igwan<br>
<br>
Nicola Lugato wrote :<div><div></div><div class="Wj3C7c"><br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Hello,<br>
I'm considering porting some code of mine to Erlang. It's a network server that uses SSL.<br>
It makes use of the callback that you can specify on SSL_set_verify (and similar) to check if a peer is allowed to connect, based on data in its certificate.<br>
<br>
(see: <a href="http://www.openssl.org/docs/ssl/SSL_CTX_set_verify.html" target="_blank">http://www.openssl.org/docs/ssl/SSL_CTX_set_verify.html</a>)<br>
<br>
I've checked the documentation of the SSL application in Erlang (<a href="http://www.erlang.org/doc/apps/ssl/index.html" target="_blank">http://www.erlang.org/doc/apps/ssl/index.html</a>), but I couldn't find a way to supply such a callback. Is it possible?<br>
This is a fundamental feature of my server so it would be a blocking problem.<br>
<br>
Thanks, Nicola<br>
</blockquote>
<br>
</div></div></blockquote></div><br>
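The ssl:peercert(Socket) check described in the quoted reply, as an added example that is not code from either poster: it runs after the TLS handshake has completed, so it drops a non-listed peer at that point rather than during accept. Assumptions: OTP 21 or later (for ssl:handshake/2), SHA-256 in place of the MD5 mentioned in the thread, and a hypothetical ETS table `allowed_fingerprints` standing in for the database.

```erlang
-module(peer_allowlist).
-export([init/1, fingerprint/1, allowed/1, accept_checked/1]).

%% Hypothetical ETS table standing in for the database of permitted peers.
-define(TABLE, allowed_fingerprints).

%% Load the permitted fingerprints: binary SHA-256 digests of DER certificates.
init(Fingerprints) ->
    ets:new(?TABLE, [named_table, set, public, {read_concurrency, true}]),
    ets:insert(?TABLE, [{F} || F <- Fingerprints]),
    ok.

%% Digest over the whole DER-encoded certificate, so any change to the
%% certificate (key, subject, validity) produces a different fingerprint.
fingerprint(DerCert) when is_binary(DerCert) ->
    crypto:hash(sha256, DerCert).

allowed(DerCert) ->
    ets:member(?TABLE, fingerprint(DerCert)).

%% ListenSocket is assumed to have been opened with {verify, verify_peer}
%% and {fail_if_no_peer_cert, true}, so a client certificate is requested
%% and chain validation has already run before this check.
accept_checked(ListenSocket) ->
    {ok, TransportSocket} = ssl:transport_accept(ListenSocket),
    case ssl:handshake(TransportSocket, 5000) of
        {ok, Socket} ->
            case ssl:peercert(Socket) of
                {ok, Der} ->
                    case allowed(Der) of
                        true ->
                            {ok, Socket};
                        false ->
                            %% Peer authenticated but is not on the list: drop it
                            %% before any application data is read or written.
                            ssl:close(Socket),
                            {error, not_allowed}
                    end;
                {error, Reason} ->
                    %% No certificate presented: fail closed.
                    ssl:close(Socket),
                    {error, Reason}
            end;
        {error, Reason} ->
            {error, Reason}
    end.
```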