[erlang-questions] ssl get server certificates
Andrew Thompson
andrew@REDACTED
Tue Jan 28 17:52:01 CET 2014
On Tue, Jan 28, 2014 at 06:18:41PM +0200, Dmitry Kolesnikov wrote:
> Hello,
>
> I was trying to google the issue and browse through the list archive but have not found an answer to my questions.
> I am trying to read all certificates transmitted by server during SSL negotiation.
> It looks for me that ssl:peercert(…) returns only “leaf” certificate.
>
> e.g. I am doing https://www.google.com connection. Wireshark shows multiple certificate(s) with total size about 7K but ssl:percent(…) returns only 1.1K “leaf” certification.
>
> May be one option is custom verify_certificate implementation!?
>
Yes a custom verify function is passed all the certificates the server
provides to verify the chain:
https://github.com/Vagabond/erl_crl_example/blob/master/src/client.erl#L90-L99
valid_peer is the peer certificate and valid are the server
certificates.
Andrew
More information about the erlang-questions
mailing list