[erlang-questions] SSL: SSL_set_verify callback

Nicola Lugato nicola.lugato@REDACTED
Mon Jul 14 20:36:45 CEST 2008

igwan, how do you accept generic connections? I'm making some tests,
but even with verify=0 it searches for the cacert file and rejects any
attempt with the following error:

** exited: {{badmatch,{error,'unknown:0'}},
             {shell,eval_loop,3}]} **

On Wed, Jul 9, 2008 at 9:16 PM, Nicola Lugato <nicola.lugato@REDACTED> wrote:
> Hi igwan,
> that's exactly what I have to do, testing the hash of the certificate against
> a database, but I need to block them at the accept phase, not after
> connection.
> Thanks.
> On Wed, Jul 9, 2008 at 8:40 PM, igwan <igwan@REDACTED> wrote:
>> Hi,
>> I don't know if it fits your goals exactly but you could use
>> ssl:peercert(Socket) when connection is established and drop it if
>> appropriate. I used this to match (an MD5 of) the client's certificate
>> against a list of permitted users in database.
>> igwan
>> Nicola Lugato wrote:
>>> Hello,
>>> I'm considering porting some code of mine to Erlang. It's a network
>>> server that uses SSL.
>>> It makes use of the callback that you can specify on SSL_set_verify (and
>>> similar) to check if a peer is allowed to connect, based on data in its
>>> certificate.
>>> (see: http://www.openssl.org/docs/ssl/SSL_CTX_set_verify.html)
>>> I've checked the documentation of the SSL application in Erlang
>>> (http://www.erlang.org/doc/apps/ssl/index.html), but I couldn't find a way
>>> to supply such a callback. Is it possible?
>>> This is a fundamental feature of my server so it would be a blocking
>>> problem.
>>> Thanks, Nicola
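
The post-handshake check igwan describes (ssl:peercert/1, then a fingerprint lookup), as an added example that is not code from anyone in this thread. It assumes a current OTP release (ssl:handshake/2, crypto:hash/2), uses SHA-256 in place of the MD5 mentioned above, and the module name peer_pin and the Allowed list (a stand-in for the database lookup) are hypothetical.

```erlang
-module(peer_pin).
-export([fingerprint/1, allowed/2, accept_checked/2]).

%% SHA-256 fingerprint of a DER-encoded certificate, as a lowercase hex string.
fingerprint(DerCert) when is_binary(DerCert) ->
    Digest = crypto:hash(sha256, DerCert),
    lists:flatten([io_lib:format("~2.16.0b", [B]) || <<B>> <= Digest]).

%% Allowed is a list of permitted fingerprints; it stands in for the
%% database of permitted users (assumption, not from the thread).
allowed(DerCert, Allowed) ->
    lists:member(fingerprint(DerCert), Allowed).

%% ListenSocket must come from ssl:listen/2 with {verify, verify_peer} and
%% {fail_if_no_peer_cert, true}; otherwise the client is never asked for a
%% certificate and ssl:peercert/1 returns {error, no_peercert}.
accept_checked(ListenSocket, Allowed) ->
    {ok, TSock} = ssl:transport_accept(ListenSocket),
    case ssl:handshake(TSock, 5000) of
        {ok, Sock} ->
            case ssl:peercert(Sock) of
                {ok, Der} ->
                    case allowed(Der, Allowed) of
                        true ->
                            {ok, Sock};
                        false ->
                            %% Unknown certificate: drop before any
                            %% application data is exchanged.
                            ssl:close(Sock),
                            {error, not_permitted}
                    end;
                {error, Reason} ->
                    ssl:close(Sock),
                    {error, Reason}
            end;
        {error, Reason} ->
            %% Handshake failed, e.g. chain validation rejected the peer.
            {error, Reason}
    end.
```

This check runs once the handshake has completed, so it drops the peer before application data is read but not during the handshake itself. Current OTP releases of ssl also accept a verify_fun option, which is called during certificate path validation.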
