<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 12pt;
font-family:Calibri
}
--></style></head>
<body class='hmmessage'><div dir='ltr'><br><br><div><div id="SkyDrivePlaceholder"></div><hr id="stopSpelling">From: horst_@outlook.com<br>To: ingela.anderton.andin@ericsson.com<br>Subject: RE: [erlang-bugs] SSL issue<br>Date: Tue, 15 Jan 2013 09:39:12 +0100<br><br>

<style><!--
.ExternalClass .ecxhmmessage P
{padding:0px;}
.ExternalClass body.ecxhmmessage
{font-size:12pt;font-family:Calibri;}

--></style>
<div dir="ltr">Hi,<div><br></div><div>Thanks for the quick answer.</div><div><br></div><div>Now, I tried to connect to the server as follows:</div><div><br></div><div>ssl:connect(HOST, 636, [{cacertfile, "EquifaxSecureCA.pem"}, {verify, verify_none}]).</div><div><div>=ERROR REPORT==== 15-Jan-2013::09:33:14 ===</div><div>SSL: certify: ssl_handshake.erl:239:Fatal error: certificate unknown</div><div>{error,"certificate unknown"}</div></div><div><br></div><div>As I understand from your last mail, the client needs a server certificate with the following information:</div><div><br></div><div>







<p class="ecxp1">Subject: C=US, O=Equifax, OU=Equifax Secure Certificate Authority</p>
<p class="ecxp1"><span class="ecxApple-tab-span">       </span>X509v3 Subject Key Identifier:   48:E6:68:F9:2B:D2:B2:95:D7:47:D8:23:20:10:4F:33:98:90:9F:D4</p><p class="ecxp1"><br></p><p class="ecxp1">This information is included in the <span style="font-size:12pt">EquifaxSecureCA.pem which I added as a cacertfile to the connect function,</span></p><p class="ecxp1">but I got the same result.</p><p class="ecxp1"><br></p><p class="ecxp1">Please, can you tell me what I am doing wrong?</p><p class="ecxp1"><br></p><p class="ecxp1">Thanks and best regards,</p><p class="ecxp1">Ulf</p></div><div><br></div><div><br></div><div><br></div><div><br><br><div><div id="ecxSkyDrivePlaceholder"></div>> Date: Mon, 14 Jan 2013 09:39:50 +0100<br>> From: ingela.anderton.andin@ericsson.com<br>> To: horst_@outlook.com<br>> CC: erlang-bugs@erlang.org<br>> Subject: Re: [erlang-bugs] SSL issue<br>> <br>> Hi!<br>> <br>> Looking at your cert, the values of authorityCertIssuer, <br>> authorityCertSerialNumber in #AuthorityKeyIdentifier, are asn1_NOVALUE,<br>> so then it is logical that public_key cannot find the issuer.  
<br>> <br>> pubkey_cert:select_extension/2 -> {'Extension',<br>>     {2,5,29,35},<br>>     false,<br>>     {'AuthorityKeyIdentifier',<br>>      [192,122,152,104,141,137,251,171,5,100,12,17,125,<br>>       170,125,101,184,202,204,78],<br>>      asn1_NOVALUE,<br>>      asn1_NOVALUE}}<br>> (<0.43.0>) call pubkey_cert:cert_auth_key_id({'AuthorityKeyIdentifier',[192,122,152,104,141,137,251,171,5,100,12,17,125,<br>>                            170,125,101,184,202,204,78],<br>>                           asn1_NOVALUE,asn1_NOVALUE})<br>> (<0.43.0>) returned from pubkey_cert:cert_auth_key_id/1 -> {error,issuer_not_found}<br>> <br>> <br>> Some old certs do not properly specify the AuthorityKeyIdentifier; the <br>> fallback is to search the entire known CA database, which ssl will do if <br>> it has one. You have<br>> not specified any CA-certs in your call to ssl:connect.  
You should try <br>> doing that.<br>> <br>> Regards Ingela Erlang/OTP team - Ericsson AB<br>> <br>> Horst Mani wrote:<br>> > Hi,<br>> ><br>> > I try to connect to an SSL server with the following command:<br>> ><br>> > ssl:connect(HOST, 636, []).<br>> > SSL: certify: ssl_handshake.erl:239:Fatal error: certificate unknown<br>> > {error,"certificate unknown"}<br>> ><br>> > After debugging the problem, I found that the error occurs inside the <br>> > public_key module. <br>> > Please, have a look at my testcase which you can find here: <br>> > https://gist.github.com/4525223<br>> ><br>> > Note: The ssl connect works with other clients. <br>> ><br>> > Env : R15B03 32 bit, built by erlang-solutions, OSX 10.7.5, <br>> > public_key-0.17<br>> ><br>> > I hope that I gave you all the information you need to fix the <br>> > problem. I would do it on my own,<br>> > but I don't know the expected behavior.<br>> ><br>> > Best Regards,<br>> > Ulf<br>> > ------------------------------------------------------------------------<br>> ><br>> > _______________________________________________<br>> > erlang-bugs mailing list<br>> > erlang-bugs@erlang.org<br>> > http://erlang.org/mailman/listinfo/erlang-bugs<br>> >   <br>> <br></div></div>                                           </div></div>                                        </div></body>
</html>
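Added example (not code from the thread or from OTP's public_key): a diagnostic helper for the issuer lookup discussed in the messages above. `thread_ids_match/0` compares the two key identifiers quoted in the thread, and `find_issuer/2` picks an issuer from a list of DER-encoded CA certificates, first by key identifier and then by the issuer-name search the reply describes as the fallback. The module and function names are assumptions, and matching on keyIdentifier is this example's own approach, not a description of what public_key does.

```erlang
-module(aki_lookup).
-export([key_id_hex/1, find_issuer/2, thread_ids_match/0]).
-include_lib("public_key/include/public_key.hrl").
%% Values copied from the thread: keyIdentifier in the traced
%% AuthorityKeyIdentifier, and the SKI quoted for EquifaxSecureCA.pem.
-define(TRACED_AKI, [192,122,152,104,141,137,251,171,5,100,12,17,125,
                     170,125,101,184,202,204,78]).
-define(QUOTED_SKI, "48:E6:68:F9:2B:D2:B2:95:D7:47:D8:23:20:10:4F:33:98:90:9F:D4").

%% Key identifier (byte list on R15, binary on later OTP) as
%% colon-separated upper-case hex, the form openssl prints.
key_id_hex(Id) when is_binary(Id) -> key_id_hex(binary_to_list(Id));
key_id_hex(Id) when is_list(Id) ->
    string:join([[hex(B bsr 4), hex(B band 15)] || B <- Id], ":").
hex(N) when N < 10 -> $0 + N;
hex(N) -> $A + N - 10.

%% Does the quoted CA carry the key the traced AKI points at?
thread_ids_match() -> key_id_hex(?TRACED_AKI) =:= ?QUOTED_SKI.

%% Decoded value of extension Oid in an OTP-decoded cert, or undefined.
ext_value(#'OTPCertificate'{tbsCertificate = TBS}, Oid) ->
    case TBS#'OTPTBSCertificate'.extensions of
        Exts when is_list(Exts) ->
            case lists:keyfind(Oid, #'Extension'.extnID, Exts) of
                #'Extension'{extnValue = V} -> V;
                false -> undefined
            end;
        _ -> undefined                 % asn1_NOVALUE: no extensions
    end.
key_bytes(B) when is_binary(B) -> binary_to_list(B);
key_bytes(#'AuthorityKeyIdentifier'{keyIdentifier = Id}) -> key_bytes(Id);
key_bytes(L) when is_list(L) -> L;
key_bytes(_) -> undefined.             % absent or asn1_NOVALUE

%% Choose the issuer of CertDer among DER-encoded CA certs: first by
%% AKI keyIdentifier =:= SKI, then by issuer-name search over all CAs.
find_issuer(CertDer, CaDers) ->
    Cert = public_key:pkix_decode_cert(CertDer, otp),
    Cas = [{D, public_key:pkix_decode_cert(D, otp)} || D <- CaDers],
    Want = key_bytes(ext_value(Cert, {2,5,29,35})),
    ById = [D || {D, Ca} <- Cas, Want =/= undefined,
                 key_bytes(ext_value(Ca, {2,5,29,14})) =:= Want],
    ByName = [D || {D, Ca} <- Cas, public_key:pkix_is_issuer(Cert, Ca)],
    case {ById, ByName} of
        {[Hit | _], _} -> {by_key_id, Hit};
        {[], [Hit | _]} -> {by_name, Hit};
        {[], []} -> {error, issuer_not_found}
    end.
```

The traced identifier begins with byte 192 (C0) while the quoted Subject Key Identifier begins with 48, so the two values on the page differ. CA certificates for `find_issuer/2` can be read with `public_key:pem_decode/1` applied to the contents of the file passed as `cacertfile`.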