[erlang-questions] bad certificate if trying to verify StartSsl certificate

Alex Hudich alttagil@REDACTED
Fri Jul 17 11:17:52 CEST 2015


It seems that it is version specific bug. It can be reproduced in 18 and 17.4 OTP versions and everything works fine in 17.5

# erl
Erlang/OTP 17 [erts-6.4] [source] [64-bit] [async-threads:10] [hipe] [kernel-poll:false]

Eshell V6.4  (abort with ^G)
1> application:ensure_all_started(ssl).
{ok,[crypto,asn1,public_key,ssl]}
2> ssl:connect( "www.nicemine.ru", 443, [{verify,verify_peer},{server_name_indication,"www.nicemine.ru"},{depth,2},{cacertfile,"cacert.pem"}] ).
{ok,{sslsocket,{gen_tcp,#Port<0.903>,tls_connection,
                        undefined},
               <0.48.0>}}
3> 



> 16 июля 2015 г., в 21:16, Santiago Fernández <santif@REDACTED> написал(а):
> 
> can't reproduce:
> 
> Erlang/OTP 17 [erts-6.4] [source] [64-bit] [smp:8:8] [async-threads:10] [kernel-poll:false]
> 
> Eshell V6.4  (abort with ^G)
> 1> application:ensure_all_started(ssl).
> {ok,[crypto,asn1,public_key,ssl]}
> 2> ssl:connect( "www.nicemine.ru <http://www.nicemine.ru/>", 443, [{verify,verify_peer},{server_name_indication,"www.nicemine.ru <http://www.nicemine.ru/>"},{depth,2},{cacertfile,"cacert.pem"}] ).
> {ok,{sslsocket,{gen_tcp,#Port<0.821>,tls_connection,
>                         undefined},
>                <0.49.0>}}
> 
> 
> 
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20150717/931c93c1/attachment.htm>


More information about the erlang-questions mailing list