From: Claes W. <kl...@ta...> - 2009-05-29 08:49:34
|
Hello list, New release - 1.82 - with a set of fixes by various folks. - Steve has done some optimizations and fixes, - Fabian Alenius from Kreditor has cleaned up and enhanced the auth code. Still need some better docs describing the various auth methods that are now available - joe_e_e contributes some patches - one in particular that may actually cause some trouble - we've moved all the yaws files from ${sysconfdir} to $[sysconfdir}/yaws - i.e /etc --> /etc/etc/yaws - I found one particularly annoying bug with HOME being unset which caused yaws to fail when being started from /etc/rc Also - I once again tried the new SSL implementation (R13B) but it's still unusable - it "requires" a CA cert to run. Code and relnotes as usually at http://yaws.hyber.org I've pushed the tag 1.82 to github as well. Enjoy /klacke |
From: Robert R. <rtr...@go...> - 2009-05-29 15:41:19
|
On 5/29/09, Claes Wikström <kl...@ta...> wrote: > > Hello list, > > New release - 1.82 - with a set of fixes by various folks. > ... > Also - I once again tried the new SSL implementation (R13B) but > it's still unusable - it "requires" a CA cert to run. I think the ssl lib example that's part of the Erlang shows how to set up your own self-certifying CA. You can then use that to create certificates that can be used by newssl. I tried that once in R12B. You still need openssl for the creation of the certs, of course. Robby |
From: Claes W. <kl...@ta...> - 2009-05-29 22:12:25
|
Robert Raschke wrote: > I think the ssl lib example that's part of the Erlang shows how to set > up your own self-certifying CA. You can then use that to create > certificates that can be used by newssl. I tried that once in R12B. > You still need openssl for the creation of the certs, of course. > Ehh ... I know how to set up a self signed cert. That's not the point The point is that the ssl server doesn't need the CA cert. It's pointless - and especially pointless to require the ca cert since the ca cert is not going to be - neither sent to the client - nor used by the server side code to process a client request. Thus requiring a CA cert is a bug. /klacke |
From: Claes W. <kl...@ta...> - 2009-05-30 22:11:00
|
Claes Wikstrom wrote: > Robert Raschke wrote: > >> I think the ssl lib example that's part of the Erlang shows how to set >> up your own self-certifying CA. You can then use that to create >> certificates that can be used by newssl. I tried that once in R12B. >> You still need openssl for the creation of the certs, of course. >> > > Ehh ... I know how to set up a self signed cert. I'm sorry for the snotty von-oben tone in the previous mail. I'm just so goddamn irritated by the OTP developers - The CA cert issue has been there since their first release - it's like they have one single environment to test their code in, and it just happens to be a CA cert in there. /klacke |