[erlang-questions] certificate chain trouble in R13B04 {ssl_imp, new}

Ingela Andin <>
Fri Jun 10 10:00:41 CEST 2011


Hi!

This is a very old bug and I can not remember in which version it was
fixed. In R13 new ssl was
still exprimental so I would very much suggest that you upgrade to R14
 if you want to run new ssl.

Regards Ingela Erlang/OTP team - Ericsson AB

2011/6/9 Shaun Kruger <>:
> I am having some trouble getting some SSL certs to work.  I can get a
> self signed cert working, but I can't get a CA issued cert with a
> certificate chain file working.  My certs were working with the old ssl
> implementation, but my need for IPv6 support is forcing me to commit to
> the new ssl implementation.
>
> The certificate I am currently testing with is a StartCom.org
> certificate.  I am able to ssl:listen() and ssl:transport_accept()
> without any problems.  The problem comes when I call ssl:ssl_accept().
> I catch the exit and it returns with this:
>
> {'EXIT',{{{case_clause,{{file,"/home/skruger/erlang/workspace/Surrogate/conf/fastinfra.key"},
> [{rsa_private_key,<<48,130,4,164,2,1,0,2,130,1,1,0,180,94,233,
> .......
>                                   109,208,55,111>>,
>                                  not_encrypted}]}},
>  [{ssl_certificate,find_issuer,2},
>   {ssl_certificate,certificate_chain,4},
>   {ssl_handshake,certificate,3},
>   {ssl_connection,certify_server,1},
>   {ssl_connection,server_certify_and_key_exchange,1},
>   {ssl_connection,do_server_hello,2},
>   {lists,foldl,3},
>   {ssl_connection,handle_event,3}]},
>  {gen_fsm,sync_send_all_state_event,[<0.293.0>,started,infinity]}}}
>
> The same certificate and key work with the old SSL implementation on
> IPv4.
>
> I'm hoping to find a solution to this as I would hate to have a
> dependency on ssl certs that don't have chain certs.
>
> Shaun
>
>
> ===================================================
> Here is some of the error report:
>
> =ERROR REPORT==== 9-Jun-2011::11:01:57 ===
> ** State machine <0.293.0> terminating
> ** Last event in was {ssl_tls,undefined,22,
>                              {3,1},
> <<1,0,0,155,3,1,77,240,252,133,189,215,225,174,
> 183,30,11,36,77,161,45,64,140,24,102,112,20,
> 97,137,55,217,18,225,113,59,187,209,208,0,0,
> 74,0,255,192,10,192,20,0,136,0,135,0,56,192,
> 15,192,5,0,132,0,53,0,57,192,7,192,9,192,17,
> 192,19,0,69,0,68,0,51,0,50,192,12,192,14,192,
> 2,192,4,0,150,0,65,0,4,0,5,0,47,192,8,192,18,
> 0,22,0,19,192,13,192,3,254,255,0,10,0,9,1,0,0,
> 40,0,0,0,14,0,12,0,0,9,108,111,99,97,108,104,
> 111,115,116,0,10,0,8,0,6,0,23,0,24,0,25,0,11,
> 0,2,1,0,0,35,0,0>>} (for all states)
> ** When State == hello
> **      Data  == {state,server,
>                     {#Ref<0.0.0.796>,<0.292.0>},
> gen_tcp,tcp,tcp_closed,"localhost",8089,#Port<0.3642>,
> {ssl_options,[],verify_none,#Fun<ssl.2.93623501>,false,
> false,1,
> "/home/skruger/erlang/workspace/Surrogate/conf/fastinfra.crt",
> "/home/skruger/erlang/workspace/Surrogate/conf/fastinfra.key",
> undefined,undefined,[],
> [<<0,10>>,<<0,47>>,<<0,5>>,<<0,4>>,<<0,9>>],
> #Fun<ssl.0.126056736>,true,[]},
> {socket_options,binary,0,0,0,false},
> .....
>
>
>
> _______________________________________________
> erlang-questions mailing list
> 
> http://erlang.org/mailman/listinfo/erlang-questions
>



More information about the erlang-questions mailing list