[erlang-patches] Fix ssl connection issue using proxy certificate (certificate chain file)

Fredrik <>
Mon Mar 18 16:54:10 CET 2013

On 03/16/2013 03:43 PM, Valentin Kuznetsov wrote:
> Hi,
> physicists working in CERN experiments relies on usage of proxy certificates, i.e. certificate chain file. Those are obtained via grid-proxy-init, voms-proxy-init and can be stored to proxy server.
> We found that default ssl module partially parses such files and therefore fails to authenticate clients with servers accepting proxy certificates. Provided patch fixes this issue (thanks to Diego da Silva Gomes<>), please include:
> git fetch git://github.com/vkuznet/otp.git ssl_connection4chain_certificate
> https://github.com/vkuznet/otp/compare/maint...ssl_connection4chain_certificate
> https://github.com/vkuznet/otp/compare/maint...ssl_connection4chain_certificate.patch
> To verify the change you need to have a server which accepts proxy certificate and configure your client with your proxy certificate as following:
> %% generate user proxy file by using grid-proxy-init
> %% produced /tmp/x509up_u<id>  proxy file contains user private key, certificate and cacertificate
> %% configure your client to use proxy file
> Request={Url, Headers},
> ProxyCert = "/tmp/x509up_u502",
> HTTPOptions = [{ssl, [{keyfile, ProxyCert}, {certfile, ProxyCert}, {cacertfile, ProxyCert}]}]
> httpc:request(get, Request, HTTPOptions, [])
> Thanks,
> Valentin.
> _______________________________________________
> erlang-patches mailing list
> http://erlang.org/mailman/listinfo/erlang-patches
It is now in the 'pu' branch.


BR Fredrik Gustafsson
Erlang OTP Team

More information about the erlang-patches mailing list