[erlang-questions] ssl_pkix:decode_cert_file exceptions with common PEM files
Colm Dougan
colm.dougan@REDACTED
Fri Jan 16 14:12:07 CET 2009
Hi,
I installed the "ca-certificate" package in Debian which provides
common CA Certificate PEM files (like those that would be preinstalled
on a web-browser).
When I tried using ssl_pkix:decode_cert_file on the CA certificates
installed a lot of the certificates caused an exception which appear
to be due to a few recurring certificate extensions:
1,2,840,113533,7,65,0 (entrust version extension)
2,16,840,1,113730,1,4 (Netscape CA Revocation URL)
2,16,840,1,113730,1,1 (Netscape Certificate Type)
2,16,840,1,113730,1,8 (Netscape CA policy URL)
I had a quick look at the ASN.1 definitions in the pkix directory of
the OTP distribution and the above definitions are missing. Is there
anyway to add the definitions, or a way to avoid the problem? I am
concerned if I use the new SSL erlang library to connect to a secure
Web site the certificate validation will fail.
Thanks,
Colm
More information about the erlang-questions
mailing list