[erlang-questions] Strange behaviour of SSL verify depth option

Andrew Thompson andrew@REDACTED
Wed Apr 11 17:13:42 CEST 2012


On Wed, Apr 11, 2012 at 01:12:51PM +0200, Ingela Andin wrote:
> Humm... maybe this could be expressed clearer (that phrasing has been
> around for a while)
> 
> The depth is  the maximum number of non-self-issued intermediate
> certificates that may follow the
> peer certificate in a valid certification path.  So if depth is 0 the
> PEER must be signed by the trusted  ROOT-CA directly, if 1 the path
> can be PEER, CA, ROOT-CA, if it is 2 PEER, CA, CA, ROOT-CA and so on.

Ok, that makes a LOT more sense. I'd definitely recommend clarifying the
documentation.

Thanks,

Andrew



More information about the erlang-questions mailing list