[erlang-bugs] R16A ssl 'certificate unknown'

Ingela Anderton Andin <>
Wed Feb 6 09:19:17 CET 2013

Hi Tristan!

Tristan Sloughter wrote:
> Testing out R16A I ran into an ssl error on some code that works fine 
> on R15B03-1. The code I discovered it on is part of wooga's estatsd 
> that posts json to the librato API:
> https://github.com/wooga/estatsd/blob/master/apps/estatsd/src/adapters/estatsda_librato.erl#L108
> On R16A I get the error:
> {conn_failed,{error,{essl,"certificate unknown"}}}
> I suspect it is related to this commit:
> https://github.com/erlang/otp/commit/69d4a56d9f7ade14fd0496ffbf56d96bf9184aef#lib/ssl/src/ssl_handshake.erl

This commit is in R15B03-1 and should make it less likely that you get 
an ASN-1 decode error. 

> What else should I do to help figure out what is going wrong here?
It sounds like it could be an error in the asn1 application.  You could 
the following patch to get some more information. I think we will add this
to code.

diff --git a/lib/ssl/src/ssl_handshake.erl b/lib/ssl/src/ssl_handshake.erl
index 1929370..4c51450 100644
--- a/lib/ssl/src/ssl_handshake.erl
+++ b/lib/ssl/src/ssl_handshake.erl
@@ -258,7 +258,9 @@ certify(#certificate{asn1_certificates = ASN1Certs}, C
ertDbHandle, CertDbRef,
-       error:_ ->
+       error:Error ->
+           Report = io_lib:format("Decode of certificate failed due to: 
+           error_logger:error_report(Report),
            %% ASN-1 decode of certificate somehow failed

Regards Ingela Erlang/OTP team Ericsson AB

More information about the erlang-bugs mailing list