[erlang-questions] certificate chain trouble in R13B04 {ssl_imp, new}

Shaun Kruger <>
Thu Jun 9 19:14:01 CEST 2011


I am having some trouble getting some SSL certs to work.  I can get a
self signed cert working, but I can't get a CA issued cert with a
certificate chain file working.  My certs were working with the old ssl
implementation, but my need for IPv6 support is forcing me to commit to
the new ssl implementation.

The certificate I am currently testing with is a StartCom.org
certificate.  I am able to ssl:listen() and ssl:transport_accept()
without any problems.  The problem comes when I call ssl:ssl_accept().
I catch the exit and it returns with this:

{'EXIT',{{{case_clause,{{file,"/home/skruger/erlang/workspace/Surrogate/conf/fastinfra.key"},
[{rsa_private_key,<<48,130,4,164,2,1,0,2,130,1,1,0,180,94,233,
.......
                                   109,208,55,111>>,
                                  not_encrypted}]}},
  [{ssl_certificate,find_issuer,2},
   {ssl_certificate,certificate_chain,4},
   {ssl_handshake,certificate,3},
   {ssl_connection,certify_server,1},
   {ssl_connection,server_certify_and_key_exchange,1},
   {ssl_connection,do_server_hello,2},
   {lists,foldl,3},
   {ssl_connection,handle_event,3}]},
 {gen_fsm,sync_send_all_state_event,[<0.293.0>,started,infinity]}}}

The same certificate and key work with the old SSL implementation on
IPv4.

I'm hoping to find a solution to this as I would hate to have a
dependency on ssl certs that don't have chain certs.

Shaun


===================================================
Here is some of the error report:

=ERROR REPORT==== 9-Jun-2011::11:01:57 ===
** State machine <0.293.0> terminating 
** Last event in was {ssl_tls,undefined,22,
                              {3,1},
<<1,0,0,155,3,1,77,240,252,133,189,215,225,174,
183,30,11,36,77,161,45,64,140,24,102,112,20,
97,137,55,217,18,225,113,59,187,209,208,0,0,
74,0,255,192,10,192,20,0,136,0,135,0,56,192,
15,192,5,0,132,0,53,0,57,192,7,192,9,192,17,
192,19,0,69,0,68,0,51,0,50,192,12,192,14,192,
2,192,4,0,150,0,65,0,4,0,5,0,47,192,8,192,18,
0,22,0,19,192,13,192,3,254,255,0,10,0,9,1,0,0,
40,0,0,0,14,0,12,0,0,9,108,111,99,97,108,104,
111,115,116,0,10,0,8,0,6,0,23,0,24,0,25,0,11,
0,2,1,0,0,35,0,0>>} (for all states)
** When State == hello
**      Data  == {state,server,
                     {#Ref<0.0.0.796>,<0.292.0>},
gen_tcp,tcp,tcp_closed,"localhost",8089,#Port<0.3642>,
{ssl_options,[],verify_none,#Fun<ssl.2.93623501>,false,
false,1,
"/home/skruger/erlang/workspace/Surrogate/conf/fastinfra.crt",
"/home/skruger/erlang/workspace/Surrogate/conf/fastinfra.key",
undefined,undefined,[],
[<<0,10>>,<<0,47>>,<<0,5>>,<<0,4>>,<<0,9>>],
#Fun<ssl.0.126056736>,true,[]},
{socket_options,binary,0,0,0,false},
.....






More information about the erlang-questions mailing list