[erlang-questions] question about cacertfiles option
Robert Raschke
rtrlists@REDACTED
Mon Jun 22 16:06:17 CEST 2015
This is checking the cert from Twilio, though. Right? So there's something
in their CA chain that ends up unknown. Or am I getting the wrong end of
the stick?
/Robby
On Jun 22, 2015 10:05 AM, "Benoit Chesneau" <bchesneau@REDACTED> wrote:
> In hackney, by default the HTTPS connection is using the following
> options:
>
> [{verify_fun, {fun ssl_verify_hostname:verify_fun/3,
>                [{check_hostname, Host}]}},
>  {cacertfile, CACertFile},
>  {server_name_indication, Host},
>  {verify, verify_peer}, {depth, 99},
>  {reuse_sessions, true}]
>
> Where the Host is based on the URL. CACertFile is this one:
> https://github.com/benoitc/hackney/blob/master/priv/ca-bundle.crt
>
> And the verify_fun is here:
> https://github.com/deadtrickster/ssl_verify_hostname.erl/blob/master/src/ssl_verify_hostname.erl
>
> It works in most cases but when connecting to Twilio I get the following
> error:
>
> 2> hackney:get("https://api.twilio.com/2010-04-01/Accounts/").
>
> =ERROR REPORT==== 22-Jun-2015::10:46:28 ===
> SSL: certify: ssl_handshake.erl:1403:Fatal error: unknown ca
> {error,{tls_alert,"unknown ca"}}
>
> When checking the CA file, it seems it contains the thawte certificates:
>
> $ cat priv/ca-bundle.crt|grep thawte
> thawte Primary Root CA
> thawte Primary Root CA - G2
> thawte Primary Root CA - G3
>
> Before opening a ticket I was wondering if I missed something in my
> configuration? Is there anything wrong in the CA file? Is any option
> missing?
>
> - benoit
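
Added example, not part of either message above: a shell sketch of why a subject name showing up in a grep of the CA bundle does not mean the chain validates. Every certificate, name and file here is constructed locally for the demo (assumptions: "Demo Root CA", api.example.test, and bundle.pem standing in for the cacertfile); it verifies a leaf with and without its intermediate, and a leaf issued by a different root that only shares the bundled root's name.

```shell
#!/bin/sh
# Constructed demo: every key and certificate is generated locally in a temp
# directory; "Demo Root CA" and api.example.test are made-up names.
D=$(mktemp -d)
trap 'rm -rf "$D"' EXIT
cat > "$D/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Demo Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF

# new_csr NAME CN: fresh RSA key plus a CSR for that subject
new_csr() {
  openssl req -new -config "$D/ca.cnf" -subj "/CN=$2" -newkey rsa:2048 -nodes \
    -keyout "$D/$1.key" -out "$D/$1.csr" 2>/dev/null
}
# sign NAME ISSUER [x509 options]: issue NAME's certificate from ISSUER
sign() {
  n=$1; i=$2; shift 2
  openssl x509 -req -in "$D/$n.csr" -CA "$D/$i.pem" -CAkey "$D/$i.key" \
    -CAcreateserial -days 2 -out "$D/$n.pem" "$@" 2>/dev/null
}
# Two self-signed roots with the same subject but different keys.
for r in root other; do
  openssl req -x509 -config "$D/ca.cnf" -newkey rsa:2048 -nodes -days 2 \
    -keyout "$D/$r.key" -out "$D/$r.pem" 2>/dev/null
done
new_csr int "Demo Intermediate CA"; sign int root -extfile "$D/ca.cnf" -extensions v3_ca
new_csr leaf "api.example.test";    sign leaf int     # root -> int -> leaf
new_csr leaf2 "api.example.test";   sign leaf2 other  # issued under the look-alike root
cp "$D/root.pem" "$D/bundle.pem"    # stands in for the client's cacertfile

# check LEAF [INTERMEDIATE]: prints "ok" or openssl's first error line
check() {
  if out=$(openssl verify -CAfile "$D/bundle.pem" \
      ${2:+-untrusted "$D/$2.pem"} "$D/$1.pem" 2>&1); then
    echo ok
  else
    echo "$out" | grep -m1 'error'; return 1
  fi
}
echo "leaf, server sends no intermediate: $(check leaf)"
echo "leaf, intermediate supplied:        $(check leaf int)"
echo "leaf2, root only matches by name:   $(check leaf2)"
```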