From: Per A. <avt...@gm...> - 2010-09-30 14:29:05
Hi!

I use Yaws 1.88 in embedded mode together with self-signed SSL certs.
It seems that there is some discrepancy in the Yaws docs...

    verify = 1 | 2 | 3
        Specifies the level of verification the server does on
        client certs. 1 means nothing, 2 means the server will
        ask the client for a cert but not fail if the client does
        not supply a client cert, 3 means that the server requires
        the client to supply a client cert.

But when I actually set #ssl.verify = 2 I get crashes in my application and the client complains about SSL protocol failure. The log shows

    ** Reason for termination =
    ** {function_clause,
           [{ssl_connection,handle_alert,
                [{alert,1,41,{"./ssl_connection.erl",1622}},
                 certify,

Which seems to indicate that an SSL alert number 41 (no certificate) is raised. Which seems to be reasonable since I don't include any client cert in my request.

Furthermore when I set #ssl.verify = 3 I get this

    =ERROR REPORT==== 30-Sep-2010::14:13:22 ===
    Yaws: Failed to listen 0.0.0.0:8443 : {error,{eoptions,{verify,3}}}

    =ERROR REPORT==== 30-Sep-2010::14:13:22 ===
    Can't listen to socket: {error,{eoptions,{verify,3}}}

It seems to not even be possible to use it.

Is it so that #ssl.verify = 1 is actually 2, and 2 is actually 3?

Best regards,
Per