<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 12pt;
font-family:Calibri
}
--></style></head>
<body class='hmmessage'><div dir='ltr'>Hi,<div><br></div><div>thanks for your help. </div><div><br></div><div>I will try it, when I have the new certificate and when I am back from vacation.</div><div><br></div><div>Best Regards,</div><div>Ulf<br><br><div><div id="SkyDrivePlaceholder"></div>> Date: Thu, 17 Jan 2013 11:10:35 +0100<br>> From: Ingela.Anderton.Andin@ericsson.com<br>> To: horst_@outlook.com<br>> CC: erlang-bugs@erlang.org<br>> Subject: Re: [erlang-bugs] FW: SSL issue<br>> <br>> Hello again!<br>> <br>> The problem is that the 'X520StateOrProvinceName' is an empty string and <br>> according to the spec it should not be an empty string, however it is <br>> an optional attribute so I do not understand why you would want to <br>> include it as an empty string. The problem could of course be<br>> worked around by relaxing the ASN-1 spec but I think it is Equifax<br>> that is at fault here.<br>> <br>> Regards Ingela Erlang/OTP team - Ericsson AB<br>> <br>> <br>> Horst Mani wrote:<br>> > <br>> > <br>> > ------------------------------------------------------------------------<br>> > From: horst_@outlook.com<br>> > To: ingela.anderton.andin@ericsson.com<br>> > Subject: RE: [erlang-bugs] SSL issue<br>> > Date: Tue, 15 Jan 2013 09:39:12 +0100<br>> > <br>> > Hi,<br>> > <br>> > thanks for the quick answer.<br>> > <br>> > Now, I tried to connect to the server as follows:<br>> > <br>> > ssl:connect(HOST, 636, [{cacertfile, "EquifaxSecureCA.pem"}, {verify, <br>> > verify_none}]).<br>> > =ERROR REPORT==== 15-Jan-2013::09:33:14 ===<br>> > SSL: certify: ssl_handshake.erl:239:Fatal error: certificate unknown<br>> > {error,"certificate unknown"}<br>> > <br>> > As I understand from your last mail, the client needs a server <br>> > certificate with the following information:<br>> > <br>> > Subject: C=US, O=Equifax, OU=Equifax Secure Certificate Authority<br>> > <br>> > X509v3 Subject Key Identifier: <br>> > 48:E6:68:F9:2B:D2:B2:95:D7:47:D8:23:20:10:4F:33:98:90:9F:D4<br>> > 
<br>> > <br>> > This information is included in the EquifaxSecureCA.pem which I added <br>> > as a cacertfile to the connect function,<br>> > <br>> > but I got the same result.<br>> > <br>> > <br>> > Please, can you tell me, what I am doing wrong?<br>> > <br>> > <br>> > Thanks and best regards,<br>> > <br>> > Ulf<br>> > <br>> > <br>> > <br>> > <br>> > <br>> > <br>> > > Date: Mon, 14 Jan 2013 09:39:50 +0100<br>> > > From: ingela.anderton.andin@ericsson.com<br>> > > To: horst_@outlook.com<br>> > > CC: erlang-bugs@erlang.org<br>> > > Subject: Re: [erlang-bugs] SSL issue<br>> > ><br>> > > Hi!<br>> > ><br>> > > Looking at your cert, the values of authorityCertIssuer,<br>> > > authorityCertSerialNumber in #AuthorityKeyIdentifier, are asn1_NOVALUE.<br>> > > so then it is logical that public_key can not find the issuer.<br>> > ><br>> > > pubkey_cert:select_extension/2 -> {'Extension',<br>> > > {2,5,29,35},<br>> > > false,<br>> > ><br>> > > {'AuthorityKeyIdentifier',<br>> > ><br>> > > [192,122,152,104,<br>> > ><br>> > > 141,137,251,171,<br>> > ><br>> > > 5,100,12,17,125,<br>> > ><br>> > > 170,125,101,184,<br>> > > 202,204,78],<br>> > > asn1_NOVALUE,<br>> > > asn1_NOVALUE}}<br>> > > (<0.43.0>) call<br>> > > <br>> > pubkey_cert:cert_auth_key_id({'AuthorityKeyIdentifier',[192,122,152,104,141,137,251,171,5,100,12,17,125,<br>> > > 170,125,101,184,202,204,78],<br>> > > asn1_NOVALUE,asn1_NOVALUE})<br>> > > (<0.43.0>) returned from pubkey_cert:cert_auth_key_id/1 -> {error,<br>> > ><br>> > > issuer_not_found}<br>> > ><br>> > ><br>> > > Some old certs do not properly specify the AuthorityKeyIdentifier the<br>> > > fallback is to search the entire known CA database which ssl will do if<br>> > > it has one, you have<br>> > > not specified any CA-certs in your call to ssl:connect. 
You should try<br>> > > doing that.<br>> > ><br>> > > Regards Ingela Erlang/OTP team - Ericsson AB<br>> > ><br>> > > Horst Mani wrote:<br>> > > > Hi,<br>> > > ><br>> > > > I try to connect to an SSL server with the following command:<br>> > > ><br>> > > > ssl:connect(HOST, 636, []).<br>> > > > SSL: certify: ssl_handshake.erl:239:Fatal error: certificate unknown<br>> > > > {error,"certificate unknown"}<br>> > > ><br>> > > > After debugging the problem, I found that the error occurs inside the<br>> > > > public_key module.<br>> > > > Please, have a look at my testcase which you can find here :<br>> > > > https://gist.github.com/4525223<br>> > > ><br>> > > > Note: The ssl connect works with other clients.<br>> > > ><br>> > > > Env : R15B03 32 bit, built by erlang-solutions, OSX 10.7.5,<br>> > > > public_key-0.17<br>> > > ><br>> > > > I hope that I gave you all the information you need to fix the<br>> > > > problem. I would do it on my own,<br>> > > > but I don't know the expected behavior.<br>> > > ><br>> > > > Best Regards,<br>> > > > Ulf<br>> > > > <br>> > ------------------------------------------------------------------------<br>> > > ><br>> > > > _______________________________________________<br>> > > > erlang-bugs mailing list<br>> > > > erlang-bugs@erlang.org<br>> > > > http://erlang.org/mailman/listinfo/erlang-bugs<br>> > > ><br>> > ><br>> <br></div></div> </div></body>
</html>
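Added example, not part of the thread and not OTP code: the diagnosis quoted above is that the certificate carries a stateOrProvinceName attribute whose value is an empty string, which a decoder that enforces the ASN.1 size constraint rejects. This Python check walks a DER-encoded Name and reports every attribute with a zero-length value, so a certificate can be screened before it is deployed. The sample Name and all function names are constructed for illustration.

```python
# Added example. SAMPLE is a constructed Name, not the certificate from the thread.
NAMES = {"2.5.4.3": "CN", "2.5.4.6": "C", "2.5.4.8": "ST", "2.5.4.10": "O"}

def tlv(buf, pos=0):
    """Read one DER TLV at pos; return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length: low bits give the byte count
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Yield (tag, value) for each TLV packed inside a constructed value."""
    pos = 0
    while pos < len(value):
        tag, val, pos = tlv(value, pos)
        yield tag, val

def oid_str(raw):
    """Decode OID content bytes to dotted form (single-byte first subidentifier)."""
    first = min(raw[0] // 40, 2)
    arcs, acc = [first, raw[0] - 40 * first], 0
    for b in raw[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))

def empty_attributes(name_der):
    """Return the attributes of a DER Name whose string value has length 0."""
    tag, rdns, _ = tlv(name_der)
    if tag != 0x30:
        raise ValueError("Name must be a SEQUENCE")
    bad = []
    for _, rdn in children(rdns):         # RelativeDistinguishedName (SET)
        for _, pair in children(rdn):     # AttributeTypeAndValue (SEQUENCE)
            (_, oid), (_, val) = list(children(pair))[:2]
            if not val:
                name = oid_str(oid)
                bad.append(NAMES.get(name, name))
    return bad

def der(tag, content):  # short-form lengths only; enough for the sample
    return bytes([tag, len(content)]) + content

def atv(oid, text):
    return der(0x31, der(0x30, der(0x06, oid) + der(0x13, text.encode())))

SAMPLE = der(0x30, atv(b"\x55\x04\x06", "US") + atv(b"\x55\x04\x08", "")
             + atv(b"\x55\x04\x0a", "Example Org"))
print(empty_attributes(SAMPLE))
```

To check a real certificate, pass the DER bytes of its subject or issuer Name to `empty_attributes`.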