[erlang-bugs] R16A ssl 'certificate unknown'

Ingela Anderton Andin <>
Wed Feb 6 09:19:17 CET 2013


Hi Tristan!

Tristan Sloughter wrote:
> Testing out R16A I ran into an ssl error on some code that works fine 
> on R15B03-1. The code I discovered it on is part of wooga's estatsd 
> that posts json to the librato API:
>
> https://github.com/wooga/estatsd/blob/master/apps/estatsd/src/adapters/estatsda_librato.erl#L108
>
> On R16A I get the error:
>
> {conn_failed,{error,{essl,"certificate unknown"}}}
> I suspect it is related to this commit:
>
> https://github.com/erlang/otp/commit/69d4a56d9f7ade14fd0496ffbf56d96bf9184aef#lib/ssl/src/ssl_handshake.erl

This commit is in R15B03-1 and should make it less likely that you get 
an ASN-1 decode error. 

>
> What else should I do to help figure out what is going wrong here?
>
It sounds like it could be an error in the asn1 application.  You could 
apply
the following patch to get some more information. I think we will add this
to code.

diff --git a/lib/ssl/src/ssl_handshake.erl b/lib/ssl/src/ssl_handshake.erl
index 1929370..4c51450 100644
--- a/lib/ssl/src/ssl_handshake.erl
+++ b/lib/ssl/src/ssl_handshake.erl
@@ -258,7 +258,9 @@ certify(#certificate{asn1_certificates = ASN1Certs}, C
ertDbHandle, CertDbRef,
                path_validation_alert(Reason)
        end
     catch
-       error:_ ->
+       error:Error ->
+           Report = io_lib:format("Decode of certificate failed due to: 
~p",
[Error]),
+           error_logger:error_report(Report),
            %% ASN-1 decode of certificate somehow failed
            ?ALERT_REC(?FATAL, ?CERTIFICATE_UNKNOWN)
     end.



Regards Ingela Erlang/OTP team Ericsson AB


More information about the erlang-bugs mailing list