Erlang/OTP Forums
Author Message

<  Advanced Erlang/OTP  ~  Erlang Https connection disable certificate
vinu76jsr
Posted: Wed Apr 28, 2010 12:28 pm Reply with quote
Joined: 20 Apr 2010 Posts: 3 Location: bangalore
I am porting a program written in java to erlang , at one point when it sends a https request, the target domain doesnot have proper certificate , is there a way to disable certificate check in erlang,
in java I did it as(found via google)
Code:

public static void disableSSLCertificateChecking() {

        TrustManager[] trustAllCerts = new TrustManager[]{

            new X509TrustManager() {

                public X509Certificate[] getAcceptedIssuers() {

                    return null;

                }



                public void checkClientTrusted(X509Certificate[] certs,

                        String authType) {

                }



                public void checkServerTrusted(X509Certificate[] certs,

                        String authType) {

                }

            }

        };



        try {

            SSLContext sc = SSLContext.getInstance("SSL");



            sc.init(null, trustAllCerts, new java.security.SecureRandom());





            HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());

        } catch (KeyManagementException kme) {

            kme.printStackTrace();

        } catch (NoSuchAlgorithmException nsae) {

            nsae.printStackTrace();

        }

    }

thanks for any help. I am using ibrowse for acces, but inet solution will also do just fine[/code]
Back to top View user's profile Send private message
Michal Ptaszek
Posted: Thu Apr 29, 2010 7:34 am Reply with quote
User Joined: 01 May 2008 Posts: 35 Location: Krakow
I have never used ibrowse, but according to the httpc (inets HTTP client) and Erlang ssl documentation it is possible to verify the peer's certificate.

When doing the HTTPS request, provide the following SSL options:
Code:

{ssl,
      [{verify, 2},
       {cacertfile, Path}]}


{verify, 2} means that we would like to verify peer and fail if there is no peer certificate

{cacertfile, Path} points to a file containing PEM encoded CA certificates (trusted certificates used for verifying a peer certificate)

For more details visit:
http://www.erlang.org/doc/man/httpc.html
http://www.erlang.org/doc/man/ssl.html
Back to top View user's profile Send private message

Display posts from previous:  

All times are GMT
View next topic
View previous topic
Page 1 of 1
Erlang Forum - Trap Exit Forum Index  ~  Advanced Erlang/OTP
This forum is locked: you cannot post, reply to, or edit topics.

Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum
Hosted by Erlang Solutions    |    Powered by phpBB and NoseBleed 1.14