[erlang-questions] SSL error

Ingela Andin <>
Tue Nov 11 10:17:08 CET 2014


Hi!

That is a really old bug, you need to have public_key-0.17  at least to
avoid it. Latest is public_key-0.22.1

Regards Ingela Erlang/OTP team - Ericsson AB

2014-11-10 21:26 GMT+01:00 Youngkin, Rich <>:

> Hi all,
>
> I'm having an issue sending an http request to a service and I'm not sure
> if it's a problem with the certificate or in Erlang. The app is using
> R15B03. I've included the Erlang error message below. I tried sending the
> request via curl and it looks fine to my not-very-proficient-in-ssl eyes.
> Any ideas where I should focus - Erlang or the certificate?
>
> Thanks,
> Rich
>
> I used "some*" to replace actual values...
>
> 2014-11-07T17:55:31Z ERRORED sub=00000ce5-cb71-83fc-3b95-76d3eed24d94
> msg=00000ce5-cbbe-f055-3b95-76d3eed24d94 del_attempt=00000ce5-cbbe-f055-3b95-76d3eed24d94
> reason={'EXIT', {{{function_clause, [{pubkey_cert,digest_type,
> [{1,2,840,113549,1,1,12}], [{file,"pubkey_cert.erl"},{line,377}]},
> {pubkey_cert,extract_verify_data,2, [{file,"pubkey_cert.erl"},{line,358}]},
> {pubkey_cert,verify_signature,4, [{file,"pubkey_cert.erl"},{line,362}]},
> {pubkey_cert,validate_signature,6, [{file,"pubkey_cert.erl"},{line,160}]},
> {public_key,validate,2,[{file,"public_key.erl"},{line,647}]},
> {public_key,path_validation,2,[{file,"public_key.erl"},{line,591}]},
> {ssl_handshake,certify,7,[{file,"ssl_handshake.erl"},{line,218}]},
> {ssl_connection,certify,2, [{file,"ssl_connection.erl"},{line,514}]}]},
> {gen_fsm,sync_send_all_state_event,[<0.9974.31>,start,10000]}},
> {gen_server,call, [<0.8657.31>, {send_req, {{url,"https://
> <https://cert.learningcatalytics.com/message_receiver>
> cert.somedomain.com/someresource";, "cert.somedomain.com
> <http://cert.learningcatalytics.com/>",443,undefined,undefined,
> "/message_receiver",https}, [{"Content-Type","application/x-www-form-urlencoded"}],
> post, ...
>
>
> curl -i -v -X POST https://cert.somedomain.com/someresource
> * About to connect() to cert.somedomain.comport 443 (#0)
> *   Trying 54.225.73.122... connected
> * successfully set certificate verify locations:
> *   CAfile: none
>   CApath: /etc/ssl/certs
> * SSLv3, TLS handshake, Client hello (1):
> * SSLv3, TLS handshake, Server hello (2):
> * SSLv3, TLS handshake, CERT (11):
> * SSLv3, TLS handshake, Server key exchange (12):
> * SSLv3, TLS handshake, Server finished (14):
> * SSLv3, TLS handshake, Client key exchange (16):
> * SSLv3, TLS change cipher, Client hello (1):
> * SSLv3, TLS handshake, Finished (20):
> * SSLv3, TLS change cipher, Client hello (1):
> * SSLv3, TLS handshake, Finished (20):
> * SSL connection using ECDHE-RSA-AES128-SHA
> * Server certificate:
> *  subject: C=US; postalCode=SomeZipCode; ST=NJ; L=Old Tappan; street=200
> Old Tappan Rd; O=SomeOrgName; OU=Web Security; OU=Enterprise SSL Wildcard;
> CN=*.somedomain.com
> *  start date: 2014-10-09 00:00:00 GMT
> *  expire date: 2017-10-08 23:59:59 GMT
> *  subjectAltName: cert.somedomain.com matched
> *  issuer: C=US; ST=DE; L=Wilmington; O=Corporation Service Company;
> CN=Trusted Secure Certificate Authority 5
> *  SSL certificate verify ok.
> > POST /message_receiver HTTP/1.1
> > User-Agent: curl/7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0
> OpenSSL/1.0.1 zlib/1.2.3.4 libidn/1.23 librtmp/2.3
> > Host: cert.somedomain.com
> > Accept: */*
> >
> < HTTP/1.1 200 OK
> HTTP/1.1 200 OK
> < Cache-Control: max-age=0, private, must-revalidate
> Cache-Control: max-age=0, private, must-revalidate
> < Content-Type: text/html; charset=utf-8
> Content-Type: text/html; charset=utf-8
> < Date: Mon, 10 Nov 2014 20:13:26 GMT
> Date: Mon, 10 Nov 2014 20:13:26 GMT
> < ETag: "7215ee9c7d9dc229d2921a40e899ec5f"
> ETag: "7215ee9c7d9dc229d2921a40e899ec5f"
> < Server: Apache
> Server: Apache
> < Set-Cookie: _lc_session=03e19badfa917af689f53b27a2297f8a; path=/;
> HttpOnly
> Set-Cookie: _lc_session=03e19badfa917af689f53b27a2297f8a; path=/; HttpOnly
> < Status: 200 OK
> Status: 200 OK
> < X-Request-Id: bcd72a89933142d8557af9c386701494
> X-Request-Id: bcd72a89933142d8557af9c386701494
> < X-UA-Compatible: IE=Edge,chrome=1
> X-UA-Compatible: IE=Edge,chrome=1
> < Content-Length: 1
> Content-Length: 1
> < Connection: keep-alive
> Connection: keep-alive
>
> <
> * Connection #0 to host cert.somedomain.com left intact
> * Closing connection #0
> * SSLv3, TLS alert, Client hello (1):
>
> _______________________________________________
> erlang-questions mailing list
> 
> http://erlang.org/mailman/listinfo/erlang-questions
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20141111/c9da66b9/attachment.html>


More information about the erlang-questions mailing list