[erlang-questions] SSL: SSL_set_verify callback

Nicola Lugato nicola.lugato@REDACTED
Wed Jul 9 21:16:45 CEST 2008


Hi igwan,
that's exactly what I have to do, testing the hash of the certificate against
a database, but I need to block them at the accept phase, not after
connection.
Thanks.

On Wed, Jul 9, 2008 at 8:40 PM, igwan <igwan@REDACTED> wrote:

> Hi,
>
> I don't know if it fits your goals exactly but you could use
> ssl:peercert(Socket) when connection is established and drop it if
> appropriate. I used this to match (an MD5 of) the client's certificate
> against a list of permitted users in database.
>
> igwan
>
> Nicola Lugato wrote:
>
>> Hello,
>> I'm considering porting some code of mine to erlang. It's a network
>> server that uses SSL.
>> It makes use of the callback that you can specify on SSL_set_verify (and
>> similar) to check if a peer is allowed to connect, based on data in its
>> certificate.
>>
>> (see: http://www.openssl.org/docs/ssl/SSL_CTX_set_verify.html)
>>
>> I've checked the documentation of the SSL application in Erlang (
>> http://www.erlang.org/doc/apps/ssl/index.html), but I couldn't find a way
>> to supply such a callback. Is it possible?
>> This is a fundamental feature of my server so it would be a blocking
>> problem.
>>
>> Thanks, Nicola
>>
>
>
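
A sketch of the handshake-time check asked about above, assuming an OTP release whose ssl application offers the `verify_fun` option (the thread does not mention it). This is an added example, not code from either poster: the module and function names are hypothetical, SHA-256 replaces the MD5 mentioned in the reply, and the listen socket is assumed to already carry the server certificate, key and CA options.

```erlang
%% Added example: reject a peer during the TLS handshake unless the hash of
%% its certificate is on an allow-list (e.g. loaded from a database).
-module(pin_accept).
-export([accept_pinned/3, fingerprint/1]).

%% SHA-256 over the DER encoding of a decoded (OTP-format) certificate.
fingerprint(OtpCert) ->
    Der = public_key:pkix_encode('OTPCertificate', OtpCert, otp),
    crypto:hash(sha256, Der).

%% ssl calls this for every certificate in the peer's chain while the
%% handshake is still in progress. Allowed is the user state: a list of
%% permitted fingerprints (binaries).
verify(_Cert, {bad_cert, _} = Reason, _Allowed) ->
    {fail, Reason};                 % keep ordinary path validation strict
verify(_Cert, {extension, _}, Allowed) ->
    {unknown, Allowed};             % leave extension handling to ssl
verify(_Cert, valid, Allowed) ->
    {valid, Allowed};               % CA or intermediate certificate
verify(Cert, valid_peer, Allowed) ->
    case lists:member(fingerprint(Cert), Allowed) of
        true  -> {valid, Allowed};
        false -> {fail, peer_not_permitted}
    end.

%% Accept one connection; the handshake fails, and no usable socket is
%% returned, when the peer certificate is missing or not on the list.
accept_pinned(ListenSocket, Allowed, Timeout) ->
    {ok, Transport} = ssl:transport_accept(ListenSocket, Timeout),
    Opts = [{verify, verify_peer},
            {fail_if_no_peer_cert, true},
            {verify_fun, {fun verify/3, Allowed}}],
    case ssl:handshake(Transport, Opts, Timeout) of
        {ok, Socket}    -> {ok, Socket};
        {error, Reason} -> {error, Reason}
    end.
```

Because the first clause fails on any `{bad_cert, _}` event, a self-signed client certificate is rejected before the allow-list is consulted; the pin is an additional check on top of CA validation, not a replacement for it.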