Enabling SSL CRL revocation validation for secure URLS in Erlang


Enabling SSL CRL revocation validation for secure URLS in Erlang

Soumya Shankar Sardar

Hi,

Need some help on SSL CRL revocation validation enabled for HTTPS in Erlang code.

1) Using httpc.requests to access the secure URL.
2) In the SSL options, we have made {verify:verify_peer} and {crl_check:peer}.
3) Also we have added the CRL file in local cache by ssl_crl_cache:insert(file). CRL file is downloaded from CDP via http.

Questions
1) With the above setup, the CRL validation is not failing for a revoked URL. Any idea if the approach is wrong? We followed the erlang.org docs.
2) Also, how can we extend this when there is a CDP [CRL distribution point] to get the dynamic CRL file?
3) And how to do above with CDP URL embedded in Server hello message in the SSL negotiation.

It would be great to see sample code with CRL validation in Erlang for SSL HTTP access. We are using Erlang/OTP 18.1.

All comments are welcome :)

 

Regards

Soumya


_______________________________________________
erlang-questions mailing list
[hidden email]
http://erlang.org/mailman/listinfo/erlang-questions

Re: Enabling SSL CRL revocation validation for secure URLS in Erlang

Ingela Andin
Hi!

If you expect CRL validation to work smoothly, please upgrade your Erlang/OTP version. We will consider extending the user guide. For now you can always look at the test suites.

Regards Ingela Erlang/OTP team - Ericsson AB

2018-05-30 11:04 GMT+02:00 Soumya Shankar Sardar <[hidden email]>:

Hi,

Need some help on SSL CRL revocation validation enabled for HTTPS in Erlang code.

1) Using httpc.requests to access the secure URL.
2) In the SSL options, we have made {verify:verify_peer} and {crl_check:peer}.
3) Also we have added the CRL file in local cache by ssl_crl_cache:insert(file). CRL file is downloaded from CDP via http.

Questions
1) With the above setup, the CRL validation is not failing for a revoked URL. Any idea if the approach is wrong? We followed the erlang.org docs.
2) Also, how can we extend this when there is a CDP [CRL distribution point] to get the dynamic CRL file?
3) And how to do above with CDP URL embedded in Server hello message in the SSL negotiation.

It would be great to see sample code with CRL validation in Erlang for SSL HTTP access. We are using Erlang/OTP 18.1.

All comments are welcome :)

 

Regards

Soumya


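The setup described in the question (httpc with `verify_peer`, `crl_check` and a preloaded `ssl_crl_cache`), written out as an added example that is not code from either poster or from the OTP project. The module name, function names, file paths and the 5000 ms timeout are assumptions; the options used are the documented `ssl` and `httpc` ones, and their behaviour depends on the OTP release in use, as the reply notes.

```erlang
%% Added example: httpc request with CRL checking of the server certificate.
%% Module name, arguments and the timeout value are hypothetical.
-module(crl_httpc_example).
-export([ssl_opts/1, get/3]).

%% TLS client options. CACertFile is a PEM file with the trusted CAs.
ssl_opts(CACertFile) ->
    [{verify, verify_peer},            % validate the server chain
     {cacertfile, CACertFile},
     %% peer        -> revocation check on the server certificate only
     %% true        -> revocation check on every certificate in the chain
     %% best_effort -> accept the certificate when its revocation status
     %%                cannot be determined (weaker; fails open)
     {crl_check, peer},
     %% Default cache module. {http, Timeout} lets it fetch CRLs named as
     %% http URIs in the certificate's CRL distribution point extension
     %% (needs the inets application running).
     {crl_cache, {ssl_crl_cache, {internal, [{http, 5000}]}}}].

%% Url:     https URL to request.
%% CrlFile: path to a locally stored PEM CRL to preload into the cache,
%%          or the atom 'undefined' to rely on distribution-point fetching.
get(Url, CACertFile, CrlFile) ->
    {ok, _} = application:ensure_all_started(inets),
    {ok, _} = application:ensure_all_started(ssl),
    ok = preload_crl(CrlFile),
    case httpc:request(get, {Url, []}, [{ssl, ssl_opts(CACertFile)}], []) of
        {ok, {{_Vsn, Status, _Phrase}, _Headers, _Body}} ->
            {ok, Status};
        {error, Reason} ->
            %% A failed certificate validation, including a revoked
            %% certificate, aborts the handshake and is reported here as
            %% a connection error, not as an HTTP status.
            {error, Reason}
    end.

preload_crl(undefined) ->
    ok;
preload_crl(File) ->
    %% insert/1 stores the CRL without tying it to a distribution point URI.
    ssl_crl_cache:insert({file, File}).
```

A call would look like `crl_httpc_example:get("https://host.example/", "/path/to/cacerts.pem", undefined)`, with both arguments replaced by real values. To confirm the check is enforced, run it against a test server whose certificate is listed in the CRL and expect `{error, _}`.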