[erlang-bugs] SSL issue

Ingela Anderton Andin <>
Mon Jan 14 09:39:50 CET 2013


Hi!

Looking at your cert,  the values of  authorityCertIssuer, 
authorityCertSerialNumber in #AuthorityKeyIdentifier, are asn1_NOVALUE.
so then it is logical that public_key can not find the issuer.  

pubkey_cert:select_extension/2 -> {'Extension',
                                                            {2,5,29,35},
                                                            false,
                                                            
{'AuthorityKeyIdentifier',
                                                             
[192,122,152,104,
                                                              
141,137,251,171,
                                                              
5,100,12,17,125,
                                                              
170,125,101,184,
                                                              202,204,78],
                                                             asn1_NOVALUE,
                                                             asn1_NOVALUE}}
(<0.43.0>) call 
pubkey_cert:cert_auth_key_id({'AuthorityKeyIdentifier',[192,122,152,104,141,137,251,171,5,100,12,17,125,
                           170,125,101,184,202,204,78],
                          asn1_NOVALUE,asn1_NOVALUE})
(<0.43.0>) returned from pubkey_cert:cert_auth_key_id/1 -> {error,
                                                            
issuer_not_found}


Some old certs does not properly specify the AuthorityKeyIdentifier the 
fallback is to search the entire known CA database which ssl will do if 
it has one, you have
not specified any CA-certs in your call to ssl:connect.  You should try 
doing that.

Regards Ingela Erlang/OTP team - Ericsson AB

Horst Mani wrote:
> Hi,
>
> I ty to connect to a ssl server with the following command:
>
> ssl:connect(HOST, 636, []).
> SSL: certify: ssl_handshake.erl:239:Fatal error: certificate unknown
> {error,"certificate unknown"}
>
> After debugging the problem, i found that the error occurs inside the 
> public_key module. 
> Please, have a look at my testcase which you can find here : 
> https://gist.github.com/4525223
>
> Note: The ssl connect works with other clients. 
>
> Env : R15B03 32 bit, build by erlang-solutions, OSX 10.7.5, 
> public_key-0.17
>
> I hope that i gave you all the informations you need to fix the 
> problem. I would do it by my own,
> but i don't know the expected behavior.
>
> Best Regards,
> Ulf
> ------------------------------------------------------------------------
>
> _______________________________________________
> erlang-bugs mailing list
> 
> http://erlang.org/mailman/listinfo/erlang-bugs
>   



More information about the erlang-bugs mailing list