[erlang-questions] SSL: SSL_set_verify callback (Nicola Lugato)
Ingela Anderton Andin
Wed Feb 4 08:35:43 CET 2009
Nicola Lugato wrote:
> Hello, could you update me on this issue?
> What's the status of the new implementation? (btw, is it the "new_ssl"
> explained here http://erlang.org/doc/man/new_ssl.html or something else?)
Yes it is the ssl explained there. There will be a new version in in the
R13 release sometime in the end of Mars that will include possibilities to
do such things that you want. New ssl will still not be a 100 %
complete but there will be a possibility to add handling of policy and
CRL-list cert extensions
yourself if you have critical extensions of that kind.
Regards - Ingela Erlang/OTP, Ericsson
> Many thanks, Nicola
> On Mon, Jul 28, 2008 at 2:33 PM, Ingela Anderton Andin
> <ingela@REDACTED <mailto:ingela@REDACTED>> wrote:
> I am not sure that the existing Erlang API towards openssl lets
> you get
> at this functionallity, however we are working
> on a new ssl-implementation, that does not use openssl for
> communication only for cryptographics,
> where you will be able to do the corresponding. I can not make any
> promises regarding when we
> can release this but it is in the pipeline and should be ready in
> a not
> too distant future. There is a beta-version of new ssl in R12B
> but you would have to hack it as that functionality is not yet
> in the API. (That code has also changed quite a lot since the R12B
> Regards - Ingela Erlang/OTP, Ericsson
> > >>>
> > >>> Hello,
> > >>> i'm considering porting some code of mine to erlang. It's a
> > >>> server that uses SSL.
> > >>> It makes use of the callback that you can specify on
> SSL_set_verify (and
> > >>> similar) to check if a peer is allowed to connect, based on
> data in its
> > >>> certificate.
> > >>>
> > >>> (see: http://www.openssl.org/docs/ssl/SSL_CTX_set_verify.html)
> > >>>
> > >>> I've checked the documentation of the SSL application in Erlang
> > >>> (http://www.erlang.org/doc/apps/ssl/index.html), but i
> couldn't find a way
> > >>> to supply such a callback. Is it possible?
> > >>> This is a fundamental feature of my server so it would be a
> > >>> problem.
> > >>>
> > >>> Thanks, Nicola
> erlang-questions mailing list
> erlang-questions@REDACTED <mailto:erlang-questions@REDACTED>
More information about the erlang-questions