[erlang-questions] example of partial_chain in SSL

Benoit Chesneau bchesneau@REDACTED
Wed Jun 24 19:52:28 CEST 2015


I tried to use the partial_chain option in SSL to fix an unknown_ca issue
but the  function is never executed:

The code is:

    enum_cacerts([], _Certs) ->
    enum_cacerts([Cert| Rest], Certs) ->
        case lists:member(Cert, Certs) of
            true -> {trusted_ca, Cert};
            false -> enum_cacerts(Rest, Certs)

        CACertFile = filename:join(hackney_util:privdir(),
        {ok, ServerCAs} = file:read_file(CACertFile),
        Pems = public_key:pem_decode(ServerCAs),
        CaCerts = lists:map(fun({_, Der, _}) -> Der end, Pems),

        PartialChain =  fun(ChainCerts) ->
                            enum_cacerts(CaCerts, ChainCerts)

And the SSL options are:

                    [{partial_chain, PartialChain},
                     {cacerts, CaCerts},
                     {server_name_indication, Host},
                     {verify_fun, {fun ssl_verify_hostname:verify_fun/3,
                                   [{check_hostname, Host}]}},
                     {verify, verify_peer},
                     {depth, 99}];

What am I doing wrong? I am not sure actually why the function is never
executed. Any idea is welcome...

- benoit
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20150624/754975f5/attachment.htm>

More information about the erlang-questions mailing list