<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div class=""><font face="Menlo" class="">I don’t know if it is an Erlang bug but still I don’t have any clue how to resolve this situation:</font></div><div class=""><font face="Menlo" class=""><br class=""></font></div><div class=""><font face="Menlo" class=""><br class=""></font></div><div class=""><pre style="white-space: pre-wrap; background-color: rgb(255, 255, 255);" class=""><font face="Menlo" class="">ubuntu 14.04 and OTP 18.0


<font color="#006d8f" class=""># wget <a href="http://curl.haxx.se/ca/cacert.pem" class="">http://curl.haxx.se/ca/cacert.pem</a>
--2015-07-16 19:11:50--  <a href="http://curl.haxx.se/ca/cacert.pem" class="">http://curl.haxx.se/ca/cacert.pem</a>
Resolving <a href="http://curl.haxx.se" class="">curl.haxx.se</a> (<a href="http://curl.haxx.se" class="">curl.haxx.se</a>)... 2a00:1a28:1200:9::2, 80.67.6.50
Connecting to <a href="http://curl.haxx.se" class="">curl.haxx.se</a> (<a href="http://curl.haxx.se" class="">curl.haxx.se</a>)|2a00:1a28:1200:9::2|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 258424 (252K)
Saving to: 'cacert.pem'

100%[=============================================================================================================================================================================================>] 258,424     1.62MB/s   in 0.2s   

2015-07-16 19:11:50 (1.62 MB/s) - 'cacert.pem' saved [258424/258424]

# erl
Erlang/OTP 18 [erts-7.0] [source] [64-bit] [smp:4:4] [async-threads:10] [hipe] [kernel-poll:false]

Eshell V7.0  (abort with ^G)
1> application:ensure_all_started(ssl).
{ok,[crypto,asn1,public_key,ssl]}
2>  ssl:connect( "<a href="http://www.nicemine.ru" class="">www.nicemine.ru</a>", 443, [{verify,verify_peer},{server_name_indication,"<a href="http://www.nicemine.ru" class="">www.nicemine.ru</a>"},{depth,2},{cacertfile,"cacert.pem"}] ).

=ERROR REPORT==== 16-Jul-2015::19:12:18 ===
SSL: certify: ssl_handshake.erl:1476:Fatal error: bad certificate
{error,{tls_alert,"bad certificate"}}
3> </font>


and

Mac OS X and OTP 17.4

<font color="#004d65" class="">
</font><font color="#006d8f" class="">$ wget <a href="http://curl.haxx.se/ca/cacert.pem" class="">http://curl.haxx.se/ca/cacert.pem</a>
--2015-07-16 22:09:02--  <a href="http://curl.haxx.se/ca/cacert.pem" class="">http://curl.haxx.se/ca/cacert.pem</a>
Resolving <a href="http://curl.haxx.se" class="">curl.haxx.se</a>... 80.67.6.50, 2a00:1a28:1200:9::2
Connecting to <a href="http://curl.haxx.se" class="">curl.haxx.se</a>|80.67.6.50|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 258424 (252K)
Saving to: 'cacert.pem'

100%[=============================================================================================================================================================================================>] 258,424     --.-K/s   in 0.1s    

2015-07-16 22:09:02 (1.92 MB/s) - 'cacert.pem' saved [258424/258424]

$ erl
Erlang/OTP 17 [erts-6.3] [source] [64-bit] [smp:8:8] [async-threads:10] [hipe] [kernel-poll:false] [dtrace]

Eshell V6.3  (abort with ^G)
1>  application:ensure_all_started(ssl).
{ok,[crypto,asn1,public_key,ssl]}
2>  ssl:connect( "<a href="http://www.nicemine.ru" class="">www.nicemine.ru</a>", 443, [{verify,verify_peer},{server_name_indication,"<a href="http://www.nicemine.ru" class="">www.nicemine.ru</a>"},{depth,2},{cacertfile,"cacert.pem"}] ).

=ERROR REPORT==== 16-Jul-2015::22:09:23 ===
SSL: certify: ssl_handshake.erl:1389:Fatal error: bad certificate
{error,{tls_alert,"bad certificate"}}
3> </font></font></pre><div class=""><font face="Menlo" class=""><br class=""></font></div></div><div class=""><font face="Menlo" class="">Then <span style="background-color: rgb(255, 255, 255);" class=""><span style="white-space: pre-wrap;" class="">Santiago Fernández reported that the problem couldn’t be reproduced with OTP 17.5, and I tried it. Indeed, the connection was successful, but I decided to dig into it more and I found interesting things:</span></span></font></div><div class=""><span style="background-color: rgb(255, 255, 255);" class=""><span style="white-space: pre-wrap;" class=""><font face="Menlo" class=""><br class=""></font></span></span></div><div class=""><pre style="white-space: pre-wrap; background-color: rgb(255, 255, 255);" class=""><font face="Menlo" class="">I prepared two files: cacert.pem.1, which was just an empty file (with zero length), and cacert.pem, which I’d downloaded earlier. And here is the output of 17.5, which seems wrong to me.

Lines 2 and 3 are ok. Line 4 is ok. But why did line 5 give me no error??



<font color="#006d8f" class="">Erlang/OTP 17 [erts-6.4] [source] [64-bit] [async-threads:10] [hipe] [kernel-poll:false]

Eshell V6.4  (abort with ^G)
1> application:ensure_all_started(ssl).
{ok,[crypto,asn1,public_key,ssl]}
2> ssl:connect( "<a href="http://www.nicemine.ru" class="">www.nicemine.ru</a>", 443, [{verify,verify_peer},{server_name_indication,"<a href="http://www.nicemine.ru" class="">www.nicemine.ru</a>"},{depth,2},{cacertfile,"cacert.pem.1"}] ).

=ERROR REPORT==== 17-Jul-2015::13:26:45 ===
SSL: certify: ssl_handshake.erl:1401:Fatal error: unknown ca
{error,{tls_alert,"unknown ca"}}
3> ssl:connect( "<a href="http://www.nicemine.ru" class="">www.nicemine.ru</a>", 443, [{verify,verify_peer},{server_name_indication,"<a href="http://www.nicemine.ru" class="">www.nicemine.ru</a>"},{depth,2},{cacertfile,"cacert.pem.1"}] ).

=ERROR REPORT==== 17-Jul-2015::13:26:48 ===
SSL: certify: ssl_handshake.erl:1401:Fatal error: unknown ca
{error,{tls_alert,"unknown ca"}}
4> ssl:connect( "<a href="http://www.nicemine.ru" class="">www.nicemine.ru</a>", 443, [{verify,verify_peer},{server_name_indication,"<a href="http://www.nicemine.ru" class="">www.nicemine.ru</a>"},{depth,2},{cacertfile,"cacert.pem"}] ).  
{ok,{sslsocket,{gen_tcp,#Port<0.1236>,tls_connection,
                        undefined},
               <0.53.0>}}
</font><font color="#b51a00" class="">5> ssl:connect( "<a href="http://www.nicemine.ru" class="">www.nicemine.ru</a>", 443, [{verify,verify_peer},{server_name_indication,"<a href="http://www.nicemine.ru" class="">www.nicemine.ru</a>"},{depth,2},{cacertfile,"cacert.pem.1"}] ).
{ok,{sslsocket,{gen_tcp,#Port<0.1243>,tls_connection,
                        undefined},
               <0.55.0>}}
</font></font></pre></div><div class=""><font face="Menlo" class=""><br class=""></font></div><div class=""><font face="Menlo" class=""><br class=""></font></div><div class=""><font face="Menlo" class=""><br class=""></font></div><div class=""><br class=""></div></body></html>