<div dir="ltr"><br><div class="gmail_extra"><br><br><div class="gmail_quote">On Sat, Apr 19, 2014 at 6:17 AM, Ransom Richardson <span dir="ltr">&lt;<a href="mailto:ransomr@talko.com" target="_blank">ransomr@talko.com</a>&gt;</span> wrote:<br>

<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">




<div dir="ltr">
<div style="font-size:12pt;font-family:Calibri,Arial,Helvetica,sans-serif">
<p>But as I reported in this issue <a href="https://github.com/benoitc/hackney/issues/101" target="_blank">https://github.com/benoitc/hackney/issues/101</a> I tested against a server with an invalid cert, and hackney did not catch the error. httpc also returned ok.<br>


</p>
<p><br>
</p>
<p></p>
<pre style="font-family:Consolas,'Liberation Mono',Courier,monospace;font-size:13px;margin-top:15px;margin-bottom:15px;background-color:rgb(248,248,248);border:1px solid rgb(221,221,221);line-height:19px;overflow:auto;padding:6px 10px;border-top-left-radius:3px;border-top-right-radius:3px;border-bottom-right-radius:3px;border-bottom-left-radius:3px;word-wrap:normal;color:rgb(51,51,51)">

<code style="font-family:Consolas,'Liberation Mono',Courier,monospace;font-size:12px;margin:0px;border:none;background-color:transparent;border-top-left-radius:3px;border-top-right-radius:3px;border-bottom-right-radius:3px;border-bottom-left-radius:3px;padding:0px;word-wrap:normal;display:inline;line-height:inherit">1&gt; hackney:get(&lt;&lt;"<a href="https://localhost:8443/delay" target="_blank">https://localhost:8443/delay</a>"&gt;&gt;, [], &lt;&lt;&gt;&gt;, []).
{ok,200,
    [{&lt;&lt;"connection"&gt;&gt;,&lt;&lt;"keep-alive"&gt;&gt;},
     {&lt;&lt;"server"&gt;&gt;,&lt;&lt;"Cowboy"&gt;&gt;},
     {&lt;&lt;"date"&gt;&gt;,&lt;&lt;"Sat, 19 Apr 2014 00:00:26 GMT"&gt;&gt;},
     {&lt;&lt;"content-length"&gt;&gt;,&lt;&lt;"0"&gt;&gt;}],
    #Ref&lt;0.0.0.111&gt;}</code><br></pre>
<p>The same happens if I pass validate_peer and the rootCA file as ssl_options.<br>
</p>
<p><br>
</p>
<p>curl correctly rejects the server:<br>
</p><div class="">
<p><br>
</p>
<pre style="font-family:Consolas,'Liberation Mono',Courier,monospace;font-size:13px;margin-top:15px;background-color:rgb(248,248,248);border:1px solid rgb(221,221,221);line-height:19px;overflow:auto;padding:6px 10px;border-top-left-radius:3px;border-top-right-radius:3px;border-bottom-right-radius:3px;border-bottom-left-radius:3px;word-wrap:normal;color:rgb(51,51,51);margin-bottom:0px!important">

<code style="font-family:Consolas,'Liberation Mono',Courier,monospace;font-size:12px;margin:0px;border:none;background-color:transparent;border-top-left-radius:3px;border-top-right-radius:3px;border-bottom-right-radius:3px;border-bottom-left-radius:3px;padding:0px;word-wrap:normal;display:inline;line-height:inherit">talko@ubuntu:~/dev/httpcbench$ curl <a href="https://localhost:8443/delay" target="_blank">https://localhost:8443/delay</a>
curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

talko@ubuntu:~/dev/httpcbench$ curl --cacert priv/ssl/rootCA.pem <a href="https://localhost:8443/delay" target="_blank">https://localhost:8443/delay</a>
curl: (51) SSL: certificate subject name 'httpcbench server' does not match target host name 'localhost'</code><br></pre>
<p><br>
</p>
</div><p>This is using Erlang 17.0. Is it possible that the ssl default changed?<br>
</p>
<p><br>
</p>
<p>Or am I doing something wrong?<br>
</p>
<p><br>
</p>
<p>The server I'm testing against is in this repo: <a href="https://github.com/talko/httpcbench" target="_blank">https://github.com/talko/httpcbench</a>. It's a work in progress, but if you pull, make and run_server you should see the same issue.<br>


</p>
<p><br>
</p>
<p>thanks,<br>
</p>
<p>Ransom<br>
</p>
<p><br></p></div></div></blockquote><div><br></div><div>hrm looks like the default is verify_none:</div><div><br></div><div><a href="https://github.com/erlang/otp/blob/maint/lib/ssl/src/ssl.erl#L594">https://github.com/erlang/otp/blob/maint/lib/ssl/src/ssl.erl#L594</a></div>

<div><br></div><div>But it's early in the morning and I need more cafe, so...</div><div><br></div><div>- benoit</div></div></div></div>
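<p>Added example, not part of the thread and not code from hackney or OTP: one way to set client options so that the two checks curl makes above (chain to a trusted CA, then host name match) are also made by Erlang's ssl application, next to the verify_none setting the reply points to. It assumes OTP 21 or later for the host name options; the module and function names are hypothetical.</p>

```erlang
%% Added example (hypothetical module name), not from the thread.
-module(tls_verify_demo).
-export([insecure_opts/0, verified_opts/2, probe/3]).

%% The setting the reply identifies as the default. It is written out
%% explicitly so the behaviour does not depend on the OTP release in use.
%% With verify_none the handshake completes whatever certificate the
%% server presents, which matches the {ok,200,...} result in the thread.
insecure_opts() ->
    [{verify, verify_none}].

%% Hardened counterpart. Host must be a string such as "localhost".
%% Assumption: OTP 21 or later (customize_hostname_check and
%% public_key:pkix_verify_hostname_match_fun/1 are available).
verified_opts(Host, CaFile) ->
    [%% Fail the handshake unless the chain ends at a CA in CaFile.
     {verify, verify_peer},
     {cacertfile, CaFile},
     %% Name the certificate is checked against (also sent as SNI).
     {server_name_indication, Host},
     %% Use HTTPS matching rules for the host name, wildcards included.
     {customize_hostname_check,
      [{match_fun, public_key:pkix_verify_hostname_match_fun(https)}]}].

%% Open a TLS connection with the given options and report whether the
%% handshake was accepted, so both option sets can be compared against
%% the same server.
probe(Host, Port, Opts) ->
    {ok, _} = application:ensure_all_started(ssl),
    case ssl:connect(Host, Port, Opts, 5000) of
        {ok, Sock} ->
            ok = ssl:close(Sock),
            accepted;
        {error, Reason} ->
            {rejected, Reason}
    end.

%% Usage against the test server from the thread (paths as in the curl run):
%%   tls_verify_demo:probe("localhost", 8443, tls_verify_demo:insecure_opts()).
%%   tls_verify_demo:probe("localhost", 8443,
%%       tls_verify_demo:verified_opts("localhost", "priv/ssl/rootCA.pem")).
%% With hackney the same list is passed as {ssl_options, Opts} in the
%% request options.
```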