inetc / ssl problem

Ingela Andin ingela.andin@REDACTED
Thu Sep 2 14:20:40 CEST 2021


Hi!

Because you are just enforcing the insecure default of not verifying the
certificate path!
If you want to get rid of the warning you need to use {verify, verify_peer}
and then you also need
to supply  some trusted certs.  One of the reasons for the default is just
that, that the secure way requires more config.

Regards Ingela Erlang/OTP Team - Ericsson AB

Den tors 2 sep. 2021 kl 14:07 skrev Eckard Brauer <eckard.brauer@REDACTED>:

> Hello,
>
> I'm bit stuck with trying to avoid an ssl warning when retrieving a
> HTTPS page like that:
>
> ssl:start(),
> inets:start(),
> Url = "https://www.heise.de/newsticker",
> {ok, {{_, 200,__}, _,  Contents}} =
>         httpc:request(get,
>                       {Url, []},
>                       [{ssl, [{verify, verify_none}]}],
>                       []).
>
> getting that:
> =WARNING REPORT==== 2-Sep-2021::13:46:08.010679 ===
> Description: "Authenticity is not established by certificate path
> validation"
>      Reason: "Option {verify, verify_peer} and cacertfile/cacerts is
> missing"
> ...
>
>
> What's the reason the warning won't go away with the ssl verify option -
> where's my fault?
>
> Thanks in advance
> Eckard
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20210902/0d17ac62/attachment.htm>


More information about the erlang-questions mailing list