Having just gotten SSL working in Couchbase Mobile for iOS, I'm looking at the Erlang SSL API trying to figure out how to get it to properly validate server certs*. There appears to be no built-in list of root certs; and there seems to be a way to pass in such a list at startup, but my Erlang skills are very rudimentary so I can't figure out how I would configure CouchDB to do this.
Even better would be if I could install a hook to do my own cert verification by calling into iOS's native security APIs, which will have up to date root sets and access to CRL and OCSP. --Jens * I.e. I'm focusing on CouchDB as an SSL client (replicating to/from another server) not as an SSL server in its own right.
