[erlang-questions] example of partial_chain in SSL
Benoit Chesneau
bchesneau@REDACTED
Wed Jun 24 19:52:28 CEST 2015
Hi,
I tried to use the partial_chain option in SSL to fix an unknown_ca issue
but the function is never executed:
The code is:
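    %% Return the first certificate from the CA list that also appears
    %% in the chain presented by the peer, or unknown_ca if none does.
    enum_cacerts([], _Certs) ->
        unknown_ca;
    enum_cacerts([Cert | Rest], Certs) ->
        case lists:member(Cert, Certs) of
            true -> {trusted_ca, Cert};
            false -> enum_cacerts(Rest, Certs)
        end.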
    %% Load the bundled CA certificates as a list of DER binaries.
    CACertFile = filename:join(hackney_util:privdir(),
                               "ca-bundle.crt"),
    {ok, ServerCAs} = file:read_file(CACertFile),
    Pems = public_key:pem_decode(ServerCAs),
    CaCerts = lists:map(fun({_, Der, _}) -> Der end, Pems),
    %% Fun passed as partial_chain; ChainCerts is the peer's chain.
    PartialChain = fun(ChainCerts) ->
                       enum_cacerts(CaCerts, ChainCerts)
                   end,
And the SSL options are:
    [{partial_chain, PartialChain},
     {cacerts, CaCerts},
     {server_name_indication, Host},
     {verify_fun, {fun ssl_verify_hostname:verify_fun/3,
                   [{check_hostname, Host}]}},
     {verify, verify_peer},
     {depth, 99}];
What am I doing wrong? I am not sure actually why the function is never
executed. Any idea is welcome...
- benoit