c3da990cdb
erlang-pkix is a certificates management library for Erlang. It is a dependency for the last release of chat/ejabberd.
18 lines
966 B
Text
18 lines
966 B
Text
The idea of the library is to simplify certificates configuration in Erlang
|
|
programs. Typically an Erlang program which needs certificates (for HTTPS/
|
|
MQTT/XMPP/etc) provides a bunch of options such as certfile, chainfile,
|
|
privkey, etc. The situation becomes even more complicated when a server
|
|
supports so called virtual domains because a program is typically required to
|
|
match a virtual domain with its certificate. If a user has plenty of virtual
|
|
domains it's quickly becoming a nightmare for them to configure all this. The
|
|
complexity also leads to errors: a single configuration mistake and a program
|
|
generates obscure log messages, unreadable Erlang tracebacks or, even worse,
|
|
just silently ignores the errors. Fortunately, the large part of certificates
|
|
configuration can be automated, reducing a user configuration to something as
|
|
simple as:
|
|
|
|
certfiles:
|
|
|
|
- /etc/letsencrypt/live/*/*.pem
|
|
|
|
The purpose of this library is to do this dirty job under the hood.
|