[erlang-questions] ssl certificate verification in httpc

Ivan Uemlianin ivan@REDACTED
Tue Jul 15 13:27:34 CEST 2014


Dear Robby

Thanks for your comment.  I'm not sure if I need to verify the 
certificate either :D.  I was assuming the client needs to verify the 
certificate otherwise how is the connection "secure"?

[more or less completely ignorant about ssl]

Of course if the client doesn't need to verify the certificate that 
would be most convenient.

Best wishes

Ivan


On 15/07/2014 12:18, Robert Raschke wrote:
> Hi Ivan,
>
> are you sure you need to verify the certificate? If SSL is only used for
> encryption, then a simple request will do the trick, that is, just leave
> out the ssl option.
>
> I've never verified a cert, so if you do need that, hopefully someone
> else can be of assistance.
>
> Regards,
> Robby
>
>
>
> On 15 July 2014 11:58, Ivan Uemlianin <ivan@REDACTED
> <mailto:ivan@REDACTED>> wrote:
>
>     Dear All
>
>     I am using httpc to access a web server over https.  From reading
>     the erlang ssl docs, this looks like the right way to do it:
>
>          Url = "https://bla.org/bla",
>          SSLOpts = [{verify, verify_peer},
>                     {cacertfile,"certificates.crt"__}],
>          httpc:request(get, {Url, []}, [{ssl,SSLOpts}], []).
>
>     But this returns an unknown ca error:
>
>          {error,{failed_connect,[{to___address,{"bla.org
>     <http://bla.org>", 443}},
>                                  {inet,[inet],{tls_alert,"__unknown ca"}}]}}
>          11:06:04.942 [error] SSL: certify: ssl_handshake.erl:1344:Fatal
>     error: unknown ca
>
>     The certificates file is in pem format, and I can't see from the
>     docs page what ssl options I might add.  Is there somewhere else I
>     need to add a reference to the CA?
>
>     In short, what am I missing to be able to verify this certificate?
>
>     With thanks and best wishes
>
>     Ivan
>
>
>     --
>     ==============================__==============================
>     Ivan A. Uemlianin PhD
>     Llaisdy
>     Speech Technology Research and Development
>
>     ivan@REDACTED <mailto:ivan@REDACTED>
>     www.llaisdy.com <http://www.llaisdy.com>
>     llaisdy.wordpress.com <http://llaisdy.wordpress.com>
>     github.com/llaisdy <http://github.com/llaisdy>
>     www.linkedin.com/in/__ivanuemlianin
>     <http://www.linkedin.com/in/ivanuemlianin>
>
>                              festina lente
>     ==============================__==============================
>     _________________________________________________
>     erlang-questions mailing list
>     erlang-questions@REDACTED <mailto:erlang-questions@REDACTED>
>     http://erlang.org/mailman/__listinfo/erlang-questions
>     <http://erlang.org/mailman/listinfo/erlang-questions>
>
>

-- 
============================================================
Ivan A. Uemlianin PhD
Llaisdy
Speech Technology Research and Development

                     ivan@REDACTED
                      www.llaisdy.com
                          llaisdy.wordpress.com
               github.com/llaisdy
                      www.linkedin.com/in/ivanuemlianin

                         festina lente
============================================================



More information about the erlang-questions mailing list