[erlang-questions] SSL error

Youngkin, Rich richard.youngkin@REDACTED
Tue Nov 11 15:45:10 CET 2014


Thanks, Ingela. I suspected it might be something like that.

Cheers,
Rich

On Tue, Nov 11, 2014 at 2:17 AM, Ingela Andin <ingela.andin@REDACTED>
wrote:

> Hi!
>
> That is a really old bug, you need to have public_key-0.17  at least to
> avoid it. Latest is public_key-0.22.1
>
> Regards Ingela Erlang/OTP team - Ericsson AB
>
> 2014-11-10 21:26 GMT+01:00 Youngkin, Rich <richard.youngkin@REDACTED>:
>
>> Hi all,
>>
>> I'm having an issue sending an http request to a service and I'm not sure
>> if it's a problem with the certificate or in Erlang. The app is using
>> R15B03. I've included the Erlang error message below. I tried sending the
>> request via curl and it looks fine to my not-very-proficient-in-ssl eyes.
>> Any ideas where I should focus - Erlang or the certificate?
>>
>> Thanks,
>> Rich
>>
>> I used "some*" to replace actual values...
>>
>> 2014-11-07T17:55:31Z ERRORED sub=00000ce5-cb71-83fc-3b95-76d3eed24d94
>> msg=00000ce5-cbbe-f055-3b95-76d3eed24d94 del_attempt=00000ce5-cbbe-f055-3b95-76d3eed24d94
>> reason={'EXIT', {{{function_clause, [{pubkey_cert,digest_type,
>> [{1,2,840,113549,1,1,12}], [{file,"pubkey_cert.erl"},{line,377}]},
>> {pubkey_cert,extract_verify_data,2, [{file,"pubkey_cert.erl"},{line,358}]},
>> {pubkey_cert,verify_signature,4, [{file,"pubkey_cert.erl"},{line,362}]},
>> {pubkey_cert,validate_signature,6, [{file,"pubkey_cert.erl"},{line,160}]},
>> {public_key,validate,2,[{file,"public_key.erl"},{line,647}]},
>> {public_key,path_validation,2,[{file,"public_key.erl"},{line,591}]},
>> {ssl_handshake,certify,7,[{file,"ssl_handshake.erl"},{line,218}]},
>> {ssl_connection,certify,2, [{file,"ssl_connection.erl"},{line,514}]}]},
>> {gen_fsm,sync_send_all_state_event,[<0.9974.31>,start,10000]}},
>> {gen_server,call, [<0.8657.31>, {send_req, {{url,"https://
>> <https://cert.learningcatalytics.com/message_receiver>
>> cert.somedomain.com/someresource";, "cert.somedomain.com
>> <http://cert.learningcatalytics.com/>",443,undefined,undefined,
>> "/message_receiver",https}, [{"Content-Type","application/x-www-form-urlencoded"}],
>> post, ...
>>
>>
>> curl -i -v -X POST https://cert.somedomain.com/someresource
>> * About to connect() to cert.somedomain.comport 443 (#0)
>> *   Trying 54.225.73.122... connected
>> * successfully set certificate verify locations:
>> *   CAfile: none
>>   CApath: /etc/ssl/certs
>> * SSLv3, TLS handshake, Client hello (1):
>> * SSLv3, TLS handshake, Server hello (2):
>> * SSLv3, TLS handshake, CERT (11):
>> * SSLv3, TLS handshake, Server key exchange (12):
>> * SSLv3, TLS handshake, Server finished (14):
>> * SSLv3, TLS handshake, Client key exchange (16):
>> * SSLv3, TLS change cipher, Client hello (1):
>> * SSLv3, TLS handshake, Finished (20):
>> * SSLv3, TLS change cipher, Client hello (1):
>> * SSLv3, TLS handshake, Finished (20):
>> * SSL connection using ECDHE-RSA-AES128-SHA
>> * Server certificate:
>> *  subject: C=US; postalCode=SomeZipCode; ST=NJ; L=Old Tappan;
>> street=200 Old Tappan Rd; O=SomeOrgName; OU=Web Security; OU=Enterprise SSL
>> Wildcard; CN=*.somedomain.com
>> *  start date: 2014-10-09 00:00:00 GMT
>> *  expire date: 2017-10-08 23:59:59 GMT
>> *  subjectAltName: cert.somedomain.com matched
>> *  issuer: C=US; ST=DE; L=Wilmington; O=Corporation Service Company;
>> CN=Trusted Secure Certificate Authority 5
>> *  SSL certificate verify ok.
>> > POST /message_receiver HTTP/1.1
>> > User-Agent: curl/7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0
>> OpenSSL/1.0.1 zlib/1.2.3.4 libidn/1.23 librtmp/2.3
>> > Host: cert.somedomain.com
>> > Accept: */*
>> >
>> < HTTP/1.1 200 OK
>> HTTP/1.1 200 OK
>> < Cache-Control: max-age=0, private, must-revalidate
>> Cache-Control: max-age=0, private, must-revalidate
>> < Content-Type: text/html; charset=utf-8
>> Content-Type: text/html; charset=utf-8
>> < Date: Mon, 10 Nov 2014 20:13:26 GMT
>> Date: Mon, 10 Nov 2014 20:13:26 GMT
>> < ETag: "7215ee9c7d9dc229d2921a40e899ec5f"
>> ETag: "7215ee9c7d9dc229d2921a40e899ec5f"
>> < Server: Apache
>> Server: Apache
>> < Set-Cookie: _lc_session=03e19badfa917af689f53b27a2297f8a; path=/;
>> HttpOnly
>> Set-Cookie: _lc_session=03e19badfa917af689f53b27a2297f8a; path=/; HttpOnly
>> < Status: 200 OK
>> Status: 200 OK
>> < X-Request-Id: bcd72a89933142d8557af9c386701494
>> X-Request-Id: bcd72a89933142d8557af9c386701494
>> < X-UA-Compatible: IE=Edge,chrome=1
>> X-UA-Compatible: IE=Edge,chrome=1
>> < Content-Length: 1
>> Content-Length: 1
>> < Connection: keep-alive
>> Connection: keep-alive
>>
>> <
>> * Connection #0 to host cert.somedomain.com left intact
>> * Closing connection #0
>> * SSLv3, TLS alert, Client hello (1):
>>
>> _______________________________________________
>> erlang-questions mailing list
>> erlang-questions@REDACTED
>> http://erlang.org/mailman/listinfo/erlang-questions
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20141111/84d25727/attachment.htm>


More information about the erlang-questions mailing list