[erlang-bugs] R16A ssl 'certificate unknown'
Ingela Anderton Andin
ingela.anderton.andin@REDACTED
Wed Feb 6 09:19:17 CET 2013
Hi Tristan!
Tristan Sloughter wrote:
> Testing out R16A I ran into an ssl error on some code that works fine
> on R15B03-1. The code I discovered it on is part of wooga's estatsd
> that posts json to the librato API:
>
> https://github.com/wooga/estatsd/blob/master/apps/estatsd/src/adapters/estatsda_librato.erl#L108
>
> On R16A I get the error:
>
> {conn_failed,{error,{essl,"certificate unknown"}}}
> I suspect it is related to this commit:
>
> https://github.com/erlang/otp/commit/69d4a56d9f7ade14fd0496ffbf56d96bf9184aef#lib/ssl/src/ssl_handshake.erl
This commit is in R15B03-1 and should make it less likely that you get
an ASN-1 decode error.
>
> What else should I do to help figure out what is going wrong here?
>
It sounds like it could be an error in the asn1 application. You could
apply
the following patch to get some more information. I think we will add this
to code.
diff --git a/lib/ssl/src/ssl_handshake.erl b/lib/ssl/src/ssl_handshake.erl
index 1929370..4c51450 100644
--- a/lib/ssl/src/ssl_handshake.erl
+++ b/lib/ssl/src/ssl_handshake.erl
@@ -258,7 +258,9 @@ certify(#certificate{asn1_certificates = ASN1Certs}, C
ertDbHandle, CertDbRef,
path_validation_alert(Reason)
end
catch
- error:_ ->
+ error:Error ->
+ Report = io_lib:format("Decode of certificate failed due to:
~p",
[Error]),
+ error_logger:error_report(Report),
%% ASN-1 decode of certificate somehow failed
?ALERT_REC(?FATAL, ?CERTIFICATE_UNKNOWN)
end.
Regards Ingela Erlang/OTP team Ericsson AB
More information about the erlang-bugs
mailing list