<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 12pt;
font-family:Calibri
}
--></style></head>
<body class='hmmessage'><div dir='ltr'>Hi,<div><br></div><div>perhaps it is broken during the upload, because localy the file seems ok.</div><div>Now i will paste the EquifaxSecure.pem file also : </div><div><br></div><div>-----BEGIN CERTIFICATE-----</div><div>MIIDIDCCAomgAwIBAgIENd70zzANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJV</div><div>UzEQMA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2Vy</div><div>dGlmaWNhdGUgQXV0aG9yaXR5MB4XDTk4MDgyMjE2NDE1MVoXDTE4MDgyMjE2NDE1</div><div>MVowTjELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0VxdWlmYXgxLTArBgNVBAsTJEVx</div><div>dWlmYXggU2VjdXJlIENlcnRpZmljYXRlIEF1dGhvcml0eTCBnzANBgkqhkiG9w0B</div><div>AQEFAAOBjQAwgYkCgYEAwV2xWGcIYu6gmi0fCG2RFGiYCh7+2gRvE4RiIcPRfM6f</div><div>BeC4AfBONOziipUEZKzxa1NfBbPLZ4C/QgKO/t0BCezhABRP/PvwDN1Dulsr4R+A</div><div>cJkVV5MW8Q+XarfCaCMczE1ZMKxRHjuvK9buY0V7xdlfUNLjUA86iOe/FP3gx7kC</div><div>AwEAAaOCAQkwggEFMHAGA1UdHwRpMGcwZaBjoGGkXzBdMQswCQYDVQQGEwJVUzEQ</div><div>MA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2VydGlm</div><div>aWNhdGUgQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMBoGA1UdEAQTMBGBDzIwMTgw</div><div>ODIyMTY0MTUxWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAUSOZo+SvSspXXR9gj</div><div>IBBPM5iQn9QwHQYDVR0OBBYEFEjmaPkr0rKV10fYIyAQTzOYkJ/UMAwGA1UdEwQF</div><div>MAMBAf8wGgYJKoZIhvZ9B0EABA0wCxsFVjMuMGMDAgbAMA0GCSqGSIb3DQEBBQUA</div><div>A4GBAFjOKer89961zgK5F7WF0bnj4JXMJTENAKaSbn+2kmOeUJXRmm/kEd5jhW6Y</div><div>7qj/WsjTVbJmcVfewCHrPSqnI0kBBIZCe/zuf6IWUrVnZ9NA2zsmWLIodz2uFHdh</div><div>1voqZiegDfqnc1zqcPGUIWVEX/r87yloqaKHee9570+sB3c4</div><div>-----END CERTIFICATE-----</div><div> </div><div>The cert_chain.txt contains the certificate chain from the server.</div><div><br></div><div>Best Regards,</div><div>Ulf<br><br><div><div id="SkyDrivePlaceholder"></div>> Date: Wed, 16 Jan 2013 15:07:30 +0100<br>> From: Ingela.Anderton.Andin@ericsson.com<br>> To: horst_@outlook.com<br>> CC: erlang-bugs@erlang.org<br>> Subject: Re: [erlang-bugs] FW: SSL issue<br>> <br>> Hi!<br>> <br>> The attached PEM-file is broken! It is missing -----END CERTIFICATE-----<br>> and some data that ought to come before the ending tag.<br>> <br>> Regards Ingela Erlang/OTP team - Ericsson AB<br>> <br>> Horst Mani wrote:<br>> > <br>> > <br>> > ------------------------------------------------------------------------<br>> > From: horst_@outlook.com<br>> > To: ingela.anderton.andin@ericsson.com<br>> > Subject: RE: [erlang-bugs] SSL issue<br>> > Date: Tue, 15 Jan 2013 09:39:12 +0100<br>> > <br>> > Hi,<br>> > <br>> > thanks for the quick answer.<br>> > <br>> > Now, i tried to connect to the server as follow:<br>> > <br>> > ssl:connect(HOST, 636, [{cacertfile, "EquifaxSecureCA.pem"}, {verify, <br>> > verify_none}]).<br>> > =ERROR REPORT==== 15-Jan-2013::09:33:14 ===<br>> > SSL: certify: ssl_handshake.erl:239:Fatal error: certificate unknown<br>> > {error,"certificate unknown"}<br>> > <br>> > As i understand from your last mail, the client needs a server <br>> > certificate with the following informations:<br>> > <br>> > Subject: C=US, O=Equifax, OU=Equifax Secure Certificate Authority<br>> > <br>> > X509v3 Subject Key Identifier: <br>> > 48:E6:68:F9:2B:D2:B2:95:D7:47:D8:23:20:10:4F:33:98:90:9F:D4<br>> > <br>> > <br>> > This informations are included in the EquifaxSecureCA.pem which i added <br>> > as a cacertfile to the connect function,<br>> > <br>> > but i got the same result.<br>> > <br>> > <br>> > Please, can you tell me, what i am doing wrong?<br>> > <br>> > <br>> > Thanks and best regards,<br>> > <br>> > Ulf<br>> > <br>> > <br>> > <br>> > <br>> > <br>> > <br>> > > Date: Mon, 14 Jan 2013 09:39:50 +0100<br>> > > From: ingela.anderton.andin@ericsson.com<br>> > > To: horst_@outlook.com<br>> > > CC: erlang-bugs@erlang.org<br>> > > Subject: Re: [erlang-bugs] SSL issue<br>> > ><br>> > > Hi!<br>> > ><br>> > > Looking at your cert, the values of authorityCertIssuer,<br>> > > authorityCertSerialNumber in #AuthorityKeyIdentifier, are asn1_NOVALUE.<br>> > > so then it is logical that public_key can not find the issuer.<br>> > ><br>> > > pubkey_cert:select_extension/2 -> {'Extension',<br>> > > {2,5,29,35},<br>> > > false,<br>> > ><br>> > > {'AuthorityKeyIdentifier',<br>> > ><br>> > > [192,122,152,104,<br>> > ><br>> > > 141,137,251,171,<br>> > ><br>> > > 5,100,12,17,125,<br>> > ><br>> > > 170,125,101,184,<br>> > > 202,204,78],<br>> > > asn1_NOVALUE,<br>> > > asn1_NOVALUE}}<br>> > > (<0.43.0>) call<br>> > > <br>> > pubkey_cert:cert_auth_key_id({'AuthorityKeyIdentifier',[192,122,152,104,141,137,251,171,5,100,12,17,125,<br>> > > 170,125,101,184,202,204,78],<br>> > > asn1_NOVALUE,asn1_NOVALUE})<br>> > > (<0.43.0>) returned from pubkey_cert:cert_auth_key_id/1 -> {error,<br>> > ><br>> > > issuer_not_found}<br>> > ><br>> > ><br>> > > Some old certs does not properly specify the AuthorityKeyIdentifier the<br>> > > fallback is to search the entire known CA database which ssl will do if<br>> > > it has one, you have<br>> > > not specified any CA-certs in your call to ssl:connect. You should try<br>> > > doing that.<br>> > ><br>> > > Regards Ingela Erlang/OTP team - Ericsson AB<br>> > ><br>> > > Horst Mani wrote:<br>> > > > Hi,<br>> > > ><br>> > > > I ty to connect to a ssl server with the following command:<br>> > > ><br>> > > > ssl:connect(HOST, 636, []).<br>> > > > SSL: certify: ssl_handshake.erl:239:Fatal error: certificate unknown<br>> > > > {error,"certificate unknown"}<br>> > > ><br>> > > > After debugging the problem, i found that the error occurs inside the<br>> > > > public_key module.<br>> > > > Please, have a look at my testcase which you can find here :<br>> > > > https://gist.github.com/4525223<br>> > > ><br>> > > > Note: The ssl connect works with other clients.<br>> > > ><br>> > > > Env : R15B03 32 bit, build by erlang-solutions, OSX 10.7.5,<br>> > > > public_key-0.17<br>> > > ><br>> > > > I hope that i gave you all the informations you need to fix the<br>> > > > problem. I would do it by my own,<br>> > > > but i don't know the expected behavior.<br>> > > ><br>> > > > Best Regards,<br>> > > > Ulf<br>> > > > <br>> > ------------------------------------------------------------------------<br>> > > ><br>> > > > _______________________________________________<br>> > > > erlang-bugs mailing list<br>> > > > erlang-bugs@erlang.org<br>> > > > http://erlang.org/mailman/listinfo/erlang-bugs<br>> > > ><br>> > ><br>> <br></div></div> </div></body>
</html>