[erlang-questions] SSL: SSL_set_verify callback

igwan igwan@REDACTED
Wed Jul 9 20:40:47 CEST 2008


I don't know if it fits your goals exactly but you could use 
ssl:peercert(Socket) when connection is established and drop it if 
appropriate. I used this to match (a MD5 of) the client's certificate 
against a list of permitted users in database.


Nicola Lugato wrote :
> Hello,
>  i'm considering porting some code of mine to erlang. It's a network 
> server that uses SSL.
> It makes use of the callback that you can specify on SSL_set_verify 
> (and similar) to check if a peer is allowed to connect, based on data 
> in its certificate.
> (see: http://www.openssl.org/docs/ssl/SSL_CTX_set_verify.html)
> I've checked the documentation of the SSL application in Erlang 
> (http://www.erlang.org/doc/apps/ssl/index.html), but i couldn't find a 
> way to supply such a callback. Is it possible?
> This is a fundamental feature of my server so it would be a blocking 
> problem.
> Thanks, Nicola

More information about the erlang-questions mailing list