Hi!
I use Yaws 1.88 in embedded mode together with self-signed SSL certs.
It seems that there is some discrepancy in the Yaws docs...
    verify = 1 | 2 | 3
        Specifies the level of verification the server does on client
        certs. 1 means nothing, 2 means the server will ask the
        client for a cert but not fail if the client does not supply a
        client cert, 3 means that the server requires the client to
        supply a client cert.
But when I actually set #ssl.verify = 2 I get crashes in my application and
the client complains about SSL protocol failure. The log shows
** Reason for termination =
** {function_clause,
[{ssl_connection,handle_alert,
[{alert,1,41,{"./ssl_connection.erl",1622}},
certify,
This seems to indicate that an SSL alert number 41 (no certificate) is raised,
which seems to be reasonable since I don't include any client cert in my
request.
Furthermore, when I set #ssl.verify = 3 I get this:
=ERROR REPORT==== 30-Sep-2010::14:13:22 ===
Yaws: Failed to listen 0.0.0.0:8443 : {error,{eoptions,{verify,3}}}
=ERROR REPORT==== 30-Sep-2010::14:13:22 ===
Can't listen to socket: {error,{eoptions,{verify,3}}}
It seems to not even be possible to use it.
Is it so that #ssl.verify = 1 is actually 2, and 2 is actually 3?
Best regards,
Per