[erlang-questions] <DKIM> Troubleshooting TLS distribution

Marco Molteni marco.molteni@REDACTED
Sun Jan 10 22:07:00 CET 2016


On 10 Jan 2016, at 04:59, Mark Steele <mark@REDACTED> wrote:

[..]

> So my guess at this point is that either TLS distribution is broken, or there's something that it doesn't like about my certificate.
> 
> Is it doing some weird hostname checking against the CN (or is there some rule for CN naming that needs to be followed?).

Although I am not familiar with the Erlang TLS transport, it looks like it is enforcing RFC6125 (Representation and Verification of Domain-Based Application Service Identity within Internet Public Key Infrastructure Using X.509 (PKIX) Certificates in the Context of Transport Layer Security (TLS)) [1]

Normally when a system enforces RFC6125, one can provide a custom verify() function to override. ***WARNING***: Unless you really understand what you are doing, just slap the hostname in the CN and sleep safely :-)

marco.m

[1] https://tools.ietf.org/html/rfc6125




More information about the erlang-questions mailing list