[erlang-questions] Upgrading gen_tcp socket to ssl

Francesca Gangemi francesca.gangemi@REDACTED
Thu Dec 4 18:16:22 CET 2008


Ingela Anderton Andin wrote:
>> But when I try ssl:connect(Gen_tcp_socket,[{verify,0}]), I get
>> {eoptions,{cacertfile,[]}}.
>> The Gen_tcp_socket is a socket created using gen_tcp:connect/3.
>> Since {verify,0}, why is a cacertfile required.
> Verify options was one of the things that was not fully implemented.
> Ssl-3.10 will soon be out in R12B-5 and then the new ssl-implementation
> will be much more complete but still there are a few limitations left 
> before it can completely replace the old ssl. You are welcome to try it
> and we are of course interested in any feedback that you might have.

I'm using ssl-3.10 and I still see the same problem:
"cacertfile" is required even if {verify,0} is explicitly specified as 
option .

As example

 ssl:connect("zimbra.erlangsystems.com", 443, [{verify,0},{ssl_imp,new}]).

 ssl:connect("zimbra.erlangsystems.com", 443, [{verify,0}]).             

Trying to upgrade a tcp socket I put as cacertfile the filename of a 
certificate I have on my machine and I've got the following error report

 {verify,0}, {ssl_imp, new}])

=ERROR REPORT==== 4-Dec-2008::17:57:05 ===
SSL: hello: ./ssl_record.erl:291:Fatal error: record_overflow

Btw, is it written anywhere in the doc that ssl needs public_key? I 
thought crypto was the only required application...

Kind regards

Francesca Gangemi, francesca@REDACTED
Erlang Training and Consulting

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20081204/eda64d64/attachment.htm>

More information about the erlang-questions mailing list