[erlang-questions] SSL error

Youngkin, Rich <>
Mon Nov 10 21:26:56 CET 2014


Hi all,

I'm having an issue sending an http request to a service and I'm not sure
if it's a problem with the certificate or in Erlang. The app is using
R15B03. I've included the Erlang error message below. I tried sending the
request via curl and it looks fine to my not-very-proficient-in-ssl eyes.
Any ideas where I should focus - Erlang or the certificate?

Thanks,
Rich

I used "some*" to replace actual values...

2014-11-07T17:55:31Z ERRORED sub=00000ce5-cb71-83fc-3b95-76d3eed24d94
msg=00000ce5-cbbe-f055-3b95-76d3eed24d94
del_attempt=00000ce5-cbbe-f055-3b95-76d3eed24d94
reason={'EXIT', {{{function_clause, [{pubkey_cert,digest_type,
[{1,2,840,113549,1,1,12}], [{file,"pubkey_cert.erl"},{line,377}]},
{pubkey_cert,extract_verify_data,2, [{file,"pubkey_cert.erl"},{line,358}]},
{pubkey_cert,verify_signature,4, [{file,"pubkey_cert.erl"},{line,362}]},
{pubkey_cert,validate_signature,6, [{file,"pubkey_cert.erl"},{line,160}]},
{public_key,validate,2,[{file,"public_key.erl"},{line,647}]},
{public_key,path_validation,2,[{file,"public_key.erl"},{line,591}]},
{ssl_handshake,certify,7,[{file,"ssl_handshake.erl"},{line,218}]},
{ssl_connection,certify,2, [{file,"ssl_connection.erl"},{line,514}]}]},
{gen_fsm,sync_send_all_state_event,[<0.9974.31>,start,10000]}},
{gen_server,call, [<0.8657.31>, {send_req, {{url,"https://
<https://cert.learningcatalytics.com/message_receiver>
cert.somedomain.com/someresource";, "cert.somedomain.com
<http://cert.learningcatalytics.com/>",443,undefined,undefined,
"/message_receiver",https},
[{"Content-Type","application/x-www-form-urlencoded"}],
post, ...


curl -i -v -X POST https://cert.somedomain.com/someresource
* About to connect() to cert.somedomain.comport 443 (#0)
*   Trying 54.225.73.122... connected
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using ECDHE-RSA-AES128-SHA
* Server certificate:
*  subject: C=US; postalCode=SomeZipCode; ST=NJ; L=Old Tappan; street=200
Old Tappan Rd; O=SomeOrgName; OU=Web Security; OU=Enterprise SSL Wildcard;
CN=*.somedomain.com
*  start date: 2014-10-09 00:00:00 GMT
*  expire date: 2017-10-08 23:59:59 GMT
*  subjectAltName: cert.somedomain.com matched
*  issuer: C=US; ST=DE; L=Wilmington; O=Corporation Service Company;
CN=Trusted Secure Certificate Authority 5
*  SSL certificate verify ok.
> POST /message_receiver HTTP/1.1
> User-Agent: curl/7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0
OpenSSL/1.0.1 zlib/1.2.3.4 libidn/1.23 librtmp/2.3
> Host: cert.somedomain.com
> Accept: */*
>
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
< Cache-Control: max-age=0, private, must-revalidate
Cache-Control: max-age=0, private, must-revalidate
< Content-Type: text/html; charset=utf-8
Content-Type: text/html; charset=utf-8
< Date: Mon, 10 Nov 2014 20:13:26 GMT
Date: Mon, 10 Nov 2014 20:13:26 GMT
< ETag: "7215ee9c7d9dc229d2921a40e899ec5f"
ETag: "7215ee9c7d9dc229d2921a40e899ec5f"
< Server: Apache
Server: Apache
< Set-Cookie: _lc_session=03e19badfa917af689f53b27a2297f8a; path=/; HttpOnly
Set-Cookie: _lc_session=03e19badfa917af689f53b27a2297f8a; path=/; HttpOnly
< Status: 200 OK
Status: 200 OK
< X-Request-Id: bcd72a89933142d8557af9c386701494
X-Request-Id: bcd72a89933142d8557af9c386701494
< X-UA-Compatible: IE=Edge,chrome=1
X-UA-Compatible: IE=Edge,chrome=1
< Content-Length: 1
Content-Length: 1
< Connection: keep-alive
Connection: keep-alive

<
* Connection #0 to host cert.somedomain.com left intact
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20141110/5df3bd19/attachment.html>


More information about the erlang-questions mailing list