[erlang-questions] certificate chain trouble in R13B04 {ssl_imp, new}

Shaun Kruger skruger@REDACTED
Fri Jun 10 17:17:35 CEST 2011


I can live with that.  I suppose that's why old ssl was the default in
R13.  I'll test it with the latest R14 and merely state that R14 is a
dependency for doing IPv6 SSL termination.

Thanks,

Shaun

On Fri, 2011-06-10 at 10:00 +0200, Ingela Andin wrote:
> Hi!
> 
> This is a very old bug and I cannot remember in which version it was
> fixed. In R13 new ssl was still experimental, so I would very much
> suggest that you upgrade to R14 if you want to run new ssl.
> 
> Regards Ingela Erlang/OTP team - Ericsson AB
> 
> 2011/6/9 Shaun Kruger <skruger@REDACTED>:
> > I am having some trouble getting some SSL certs to work.  I can get a
> > self signed cert working, but I can't get a CA issued cert with a
> > certificate chain file working.  My certs were working with the old ssl
> > implementation, but my need for IPv6 support is forcing me to commit to
> > the new ssl implementation.
> >
> > The certificate I am currently testing with is a StartCom.org
> > certificate.  I am able to ssl:listen() and ssl:transport_accept()
> > without any problems.  The problem comes when I call ssl:ssl_accept().
> > I catch the exit and it returns with this:
> >
> > {'EXIT',{{{case_clause,{{file,"/home/skruger/erlang/workspace/Surrogate/conf/fastinfra.key"},
> > [{rsa_private_key,<<48,130,4,164,2,1,0,2,130,1,1,0,180,94,233,
> > .......
> >                                   109,208,55,111>>,
> >                                  not_encrypted}]}},
> >  [{ssl_certificate,find_issuer,2},
> >   {ssl_certificate,certificate_chain,4},
> >   {ssl_handshake,certificate,3},
> >   {ssl_connection,certify_server,1},
> >   {ssl_connection,server_certify_and_key_exchange,1},
> >   {ssl_connection,do_server_hello,2},
> >   {lists,foldl,3},
> >   {ssl_connection,handle_event,3}]},
> >  {gen_fsm,sync_send_all_state_event,[<0.293.0>,started,infinity]}}}
> >
> > The same certificate and key work with the old SSL implementation on
> > IPv4.
> >
> > I'm hoping to find a solution to this as I would hate to have a
> > dependency on ssl certs that don't have chain certs.
> >
> > Shaun
> >
> >
> > ===================================================
> > Here is some of the error report:
> >
> > =ERROR REPORT==== 9-Jun-2011::11:01:57 ===
> > ** State machine <0.293.0> terminating
> > ** Last event in was {ssl_tls,undefined,22,
> >                              {3,1},
> > <<1,0,0,155,3,1,77,240,252,133,189,215,225,174,
> > 183,30,11,36,77,161,45,64,140,24,102,112,20,
> > 97,137,55,217,18,225,113,59,187,209,208,0,0,
> > 74,0,255,192,10,192,20,0,136,0,135,0,56,192,
> > 15,192,5,0,132,0,53,0,57,192,7,192,9,192,17,
> > 192,19,0,69,0,68,0,51,0,50,192,12,192,14,192,
> > 2,192,4,0,150,0,65,0,4,0,5,0,47,192,8,192,18,
> > 0,22,0,19,192,13,192,3,254,255,0,10,0,9,1,0,0,
> > 40,0,0,0,14,0,12,0,0,9,108,111,99,97,108,104,
> > 111,115,116,0,10,0,8,0,6,0,23,0,24,0,25,0,11,
> > 0,2,1,0,0,35,0,0>>} (for all states)
> > ** When State == hello
> > **      Data  == {state,server,
> >                     {#Ref<0.0.0.796>,<0.292.0>},
> > gen_tcp,tcp,tcp_closed,"localhost",8089,#Port<0.3642>,
> > {ssl_options,[],verify_none,#Fun<ssl.2.93623501>,false,
> > false,1,
> > "/home/skruger/erlang/workspace/Surrogate/conf/fastinfra.crt",
> > "/home/skruger/erlang/workspace/Surrogate/conf/fastinfra.key",
> > undefined,undefined,[],
> > [<<0,10>>,<<0,47>>,<<0,5>>,<<0,4>>,<<0,9>>],
> > #Fun<ssl.0.126056736>,true,[]},
> > {socket_options,binary,0,0,0,false},
> > .....