ninenines/cowboy

Cowboy TLS verifies SAN and CN

lauragrechenko opened this issue · 3 comments

Hello,
we have a server which uses Cowboy with the ssl option {verify, verify_peer}.
But the server accepts the client requests and ignores SAN values.

Does Cowboy (ssl verify_peer option) validate SAN and CN, or should it be implemented by users (in verify_fun, for example)?
Thank you for your time and help.

essen commented

Cowboy doesn't do anything; it only gives the options you provide to the ssl application. Cowboy only sets ALPN.

@essen Thank you. I saw that it gives all provided options to ssl.
But maybe you know whether, if verify_peer is set up in Cowboy, SAN is verified as a result or not, because I saw different answers on different forums.

essen commented

I'm not following ssl closely. I suspect it might differ depending on Erlang version, but I don't really know.
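
The verify_fun route raised in the question, as an added example that is not part of the original thread or of Cowboy's code: a server-side callback that rejects a client certificate whose presented names match none of an explicit allow-list. The module name, file paths and allow-list are assumptions, and it assumes an OTP release that provides `public_key:pkix_verify_hostname/2`.

```erlang
-module(san_verify).
-export([ssl_opts/1, verify_fun/3]).

%% TLS options to hand to the listener; Cowboy passes them to ssl unchanged.
%% File names are placeholders. AllowedNames is a list of DNS names
%% (strings) that client certificates are permitted to present.
ssl_opts(AllowedNames) ->
    [{certfile, "server.pem"},
     {keyfile, "server.key"},
     {cacertfile, "client-ca.pem"},
     {verify, verify_peer},
     %% Without this, a client that sends no certificate is still accepted.
     {fail_if_no_peer_cert, true},
     {verify_fun, {fun ?MODULE:verify_fun/3, AllowedNames}}].

%% Called by ssl for each certificate in the chain during path validation.
%% Any path validation error aborts the handshake.
verify_fun(_Cert, {bad_cert, _} = Reason, _Allowed) ->
    {fail, Reason};
%% Extensions ssl does not understand: let ssl apply its default handling.
verify_fun(_Cert, {extension, _}, Allowed) ->
    {unknown, Allowed};
%% Intermediate or root CA certificate that validated correctly.
verify_fun(_Cert, valid, Allowed) ->
    {valid, Allowed};
%% The peer (client) certificate itself validated against the CA chain;
%% now require that one of its presented names is on the allow-list.
verify_fun(Cert, valid_peer, Allowed) ->
    RefIds = [{dns_id, Name} || Name <- Allowed],
    case public_key:pkix_verify_hostname(Cert, RefIds) of
        true  -> {valid, Allowed};
        false -> {fail, {bad_cert, hostname_check_failed}}
    end.
```

Calling `san_verify:ssl_opts(["client1.example.org"])` (a constructed name) yields the option list to merge into the listener's transport options; a handshake with a CA-signed certificate for any other name then fails with a `bad_cert` alert.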