[erlang-questions] SSL certificate's subject too long

Ingela Andin ingela.andin@REDACTED
Wed Jun 27 11:10:06 CEST 2012


2012/6/27, Loïc Hoguin <essen@REDACTED>:
> On 06/27/2012 09:59 AM, Ingela Andin wrote:
>> Hi!
>> 2012/6/27, Loïc Hoguin <essen@REDACTED>:
>>> On 06/25/2012 10:27 PM, Ingela Andin wrote:
>>>> Hi!
>>>> 2012/6/25 Loďc Hoguin <essen@REDACTED>:
>>>>> Hey,
>>>>> I'm running into the exact issue described here:
>>>>> http://www.mentby.com/Group/rabbitmq-discuss/ssl-certificate-error.html
>>>>> The certificate I have has a too long Subject line and Erlang just
>>>>> fails
>>>>> when trying to load it. This is a RapidSSL certificate, with a CA. Not
>>>>> sure
>>>>> I can just modify the subject directly while keeping it valid (don't
>>>>> know
>>>>> how anyway).
>>>>> Does anyone know how I could manage to use this certificate? If I need
>>>>> to
>>>>> patch OTP, any pointers as to where this fails is more than welcome.
>>>>> Thanks.
>>>> The ecertfile is a backwards compatibility error code that you will
>>>> get if ssl has a problem reading the certfile.
>>>> It could be a file-error or a file-format error, or a bug in OTP
>>>> application public_key. So if you want to pinpoint the error you can
>>>> do:
>>>> {ok, PemBin} = file:read_file("Cert.pem").
>>>> PemEntries = public_key:pem_decode(Pembin).
>>>> public_key:pem_entry_decode(hd(PemEntries)).
>>> Getting {'RSAPrivateKey','two-prime', ...
>>> All entries decode fine too.
>>> What next?
>> All entries, is there more than one certificate entry?
> 1 rsa private key entry followed by 3 certificate entries.

Well that is your problem then, currently there is only support for
one certificate in the certifcate file  (the key can be there but only
one cert) as there is now algorithm to choose
a specific cert. The cacert file may of course have many cert entries.

Regards Ingela Erlang/OTP team - Ericsson AB

More information about the erlang-questions mailing list