From 6b0e1e29e518487e06f8be7fc7f35153aa9eae47 Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Fri, 2 Feb 2024 14:51:56 +0100 Subject: [PATCH] ssl: Correct OTP-26 documentation --- lib/ssl/doc/src/ssl.xml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/ssl/doc/src/ssl.xml b/lib/ssl/doc/src/ssl.xml index f719c55c32f3..ad6cfa7dd7ad 100644 --- a/lib/ssl/doc/src/ssl.xml +++ b/lib/ssl/doc/src/ssl.xml @@ -1009,9 +1009,9 @@ fun(srp, Username :: binary(), UserState :: term()) -> -

Defaults to verify_none as additional options are needed to be able to perform the certificate verification. - A warning will be emitted unless verify_none is explicitly configured. Usually the applications will want to configure - verify_peer together with an appropriate cacert or cacertfile option. For example an HTTPS client would normally +

Defaults to verify_peer, since OTP-26, which means the option cacerts or cacertfile is also required + to perform the certificate verification unless verify_none is explicitly configured. + For example an HTTPS client would normally use the option {cacerts, public_key:cacerts_get()} (available since OTP-25) to access the CA certificates provided by the OS. Using verify_none means that all x509-certificate path validation errors will be ignored. See also option verify_fun.