[erlang-bugs] SSL issue
Ingela Anderton Andin
ingela.anderton.andin@REDACTED
Mon Jan 14 09:39:50 CET 2013
Hi!
Looking at your cert, the values of authorityCertIssuer,
authorityCertSerialNumber in #AuthorityKeyIdentifier, are asn1_NOVALUE.
so then it is logical that public_key can not find the issuer.
pubkey_cert:select_extension/2 -> {'Extension',
{2,5,29,35},
false,
{'AuthorityKeyIdentifier',
[192,122,152,104,
141,137,251,171,
5,100,12,17,125,
170,125,101,184,
202,204,78],
asn1_NOVALUE,
asn1_NOVALUE}}
(<0.43.0>) call
pubkey_cert:cert_auth_key_id({'AuthorityKeyIdentifier',[192,122,152,104,141,137,251,171,5,100,12,17,125,
170,125,101,184,202,204,78],
asn1_NOVALUE,asn1_NOVALUE})
(<0.43.0>) returned from pubkey_cert:cert_auth_key_id/1 -> {error,
issuer_not_found}
Some old certs does not properly specify the AuthorityKeyIdentifier the
fallback is to search the entire known CA database which ssl will do if
it has one, you have
not specified any CA-certs in your call to ssl:connect. You should try
doing that.
Regards Ingela Erlang/OTP team - Ericsson AB
Horst Mani wrote:
> Hi,
>
> I ty to connect to a ssl server with the following command:
>
> ssl:connect(HOST, 636, []).
> SSL: certify: ssl_handshake.erl:239:Fatal error: certificate unknown
> {error,"certificate unknown"}
>
> After debugging the problem, i found that the error occurs inside the
> public_key module.
> Please, have a look at my testcase which you can find here :
> https://gist.github.com/4525223
>
> Note: The ssl connect works with other clients.
>
> Env : R15B03 32 bit, build by erlang-solutions, OSX 10.7.5,
> public_key-0.17
>
> I hope that i gave you all the informations you need to fix the
> problem. I would do it by my own,
> but i don't know the expected behavior.
>
> Best Regards,
> Ulf
> ------------------------------------------------------------------------
>
> _______________________________________________
> erlang-bugs mailing list
> erlang-bugs@REDACTED
> http://erlang.org/mailman/listinfo/erlang-bugs
>
More information about the erlang-bugs
mailing list