<div dir="ltr"><div><div>Hi Ivan,<br><br></div>SSL essentially does two things at once: encrypts the data and checks if client and/or server are who they say they are. The latter is where certificate verification comes into play, the encryption part is always done and usually automatically negotiated between client and server.<br>
<br></div><div>So, if all you are aiming for is encrypting the data travelling between client and server, then you don't need the ssl option. Just point your httpc:request at an "https://..." URL and the encryption is handled for you without you having to do anything more.<br>
<br></div><div>Hope this helps,<br></div><div>Robby<br><br></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On 15 July 2014 12:27, Ivan Uemlianin <span dir="ltr"><<a href="mailto:ivan@llaisdy.com" target="_blank">ivan@llaisdy.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Dear Robby<br>
<br>
Thanks for your comment. I'm not sure if I need to verify the certificate either :D. I was assuming the client needs to verify the certificate otherwise how is the connection "secure"?<br>
<br>
[more or less completely ignorant about ssl]<br>
<br>
Of course if the client doesn't need to verify the certificate that would be most convenient.<br>
<br>
Best wishes<br>
<br>
Ivan<div class=""><br>
<br>
<br>
On 15/07/2014 12:18, Robert Raschke wrote:<br>
</div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="">
Hi Ivan,<br>
<br>
are you sure you need to verify the certificate? If SSL is only used for<br>
encryption, then a simple request will do the trick, that is, just leave<br>
out the ssl option.<br>
<br>
I've never verified a cert, so if you do need that, hopefully someone<br>
else can be of assistance.<br>
<br>
Regards,<br>
Robby<br>
<br>
<br>
<br>
On 15 July 2014 11:58, Ivan Uemlianin <<a href="mailto:ivan@llaisdy.com" target="_blank">ivan@llaisdy.com</a><br></div><div class="">
<mailto:<a href="mailto:ivan@llaisdy.com" target="_blank">ivan@llaisdy.com</a>>> wrote:<br>
<br>
Dear All<br>
<br>
I am using httpc to access a web server over https. From reading<br>
the erlang ssl docs, this looks like the right way to do it:<br>
<br>
Url = "<a href="https://bla.org/bla" target="_blank">https://bla.org/bla</a>",<br>
SSLOpts = [{verify, verify_peer},<br></div>
{cacertfile,"certificates.crt"<u></u>__}],<div class=""><br>
httpc:request(get, {Url, []}, [{ssl,SSLOpts}], []).<br>
<br>
But this returns an unknown ca error:<br>
<br></div>
{error,{failed_connect,[{to___<u></u>address,{"<a href="http://bla.org" target="_blank">bla.org</a><br>
<<a href="http://bla.org" target="_blank">http://bla.org</a>>", 443}},<br>
{inet,[inet],{tls_alert,"__<u></u>unknown ca"}}]}}<div class=""><br>
11:06:04.942 [error] SSL: certify: ssl_handshake.erl:1344:Fatal<br>
error: unknown ca<br>
<br>
The certificates file is in pem format, and I can't see from the<br>
docs page what ssl options I might add. Is there somewhere else I<br>
need to add a reference to the CA?<br>
<br>
In short, what am I missing to be able to verify this certificate?<br>
<br>
With thanks and best wishes<br>
<br>
Ivan<br>
<br>
<br>
--<br></div>
==============================<u></u>__============================<u></u>==<div class=""><br>
Ivan A. Uemlianin PhD<br>
Llaisdy<br>
Speech Technology Research and Development<br>
<br></div>
<a href="mailto:ivan@llaisdy.com" target="_blank">ivan@llaisdy.com</a> <mailto:<a href="mailto:ivan@llaisdy.com" target="_blank">ivan@llaisdy.com</a>><br>
<a href="http://www.llaisdy.com" target="_blank">www.llaisdy.com</a> <<a href="http://www.llaisdy.com" target="_blank">http://www.llaisdy.com</a>><br>
<a href="http://llaisdy.wordpress.com" target="_blank">llaisdy.wordpress.com</a> <<a href="http://llaisdy.wordpress.com" target="_blank">http://llaisdy.wordpress.com</a>><br>
<a href="http://github.com/llaisdy" target="_blank">github.com/llaisdy</a> <<a href="http://github.com/llaisdy" target="_blank">http://github.com/llaisdy</a>><br>
<a href="http://www.linkedin.com/in/__ivanuemlianin" target="_blank">www.linkedin.com/in/__<u></u>ivanuemlianin</a><br>
<<a href="http://www.linkedin.com/in/ivanuemlianin" target="_blank">http://www.linkedin.com/in/<u></u>ivanuemlianin</a>><br>
<br>
festina lente<br>
==============================<u></u>__============================<u></u>==<br>
______________________________<u></u>___________________<br>
erlang-questions mailing list<br>
<a href="mailto:erlang-questions@erlang.org" target="_blank">erlang-questions@erlang.org</a> <mailto:<a href="mailto:erlang-questions@erlang.org" target="_blank">erlang-questions@<u></u>erlang.org</a>><br>
<a href="http://erlang.org/mailman/__listinfo/erlang-questions" target="_blank">http://erlang.org/mailman/__<u></u>listinfo/erlang-questions</a><br>
<<a href="http://erlang.org/mailman/listinfo/erlang-questions" target="_blank">http://erlang.org/mailman/<u></u>listinfo/erlang-questions</a>><br>
<br>
<br>
</blockquote><div class="HOEnZb"><div class="h5">
<br>
-- <br>
==============================<u></u>==============================<br>
Ivan A. Uemlianin PhD<br>
Llaisdy<br>
Speech Technology Research and Development<br>
<br>
<a href="mailto:ivan@llaisdy.com" target="_blank">ivan@llaisdy.com</a><br>
<a href="http://www.llaisdy.com" target="_blank">www.llaisdy.com</a><br>
<a href="http://llaisdy.wordpress.com" target="_blank">llaisdy.wordpress.com</a><br>
<a href="http://github.com/llaisdy" target="_blank">github.com/llaisdy</a><br>
<a href="http://www.linkedin.com/in/ivanuemlianin" target="_blank">www.linkedin.com/in/<u></u>ivanuemlianin</a><br>
<br>
festina lente<br>
==============================<u></u>==============================<br>
</div></div></blockquote></div><br></div>