[erlang-questions] ssl: Bad Certficate using file generated using mkcert.org
Benoit Chesneau
bchesneau@REDACTED
Sun Apr 1 22:19:03 CEST 2018
err wrong coppy-paste. So using openssl the certidicate looks OK. So it
seems an error in erlang.
OpenSSL> s_client -connect airbrake.io:443 -CAfile
/Users/benoitc/Misc/erlang-certifi/priv/cacerts.pem
CONNECTED(00000006)
depth=3 C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN =
AddTrust External CA Root
verify return:1
depth=2 C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST
Network, CN = USERTrust RSA Certification Authority
verify return:1
depth=1 C = US, O = SSL.com, OU = www.ssl.com, CN = SSL.com DV CA
verify return:1
depth=0 OU = Domain Control Validated, OU = EssentialSSL Wildcard, CN = *.
airbrake.io
verify return:1
---
Certificate chain
0 s:/OU=Domain Control Validated/OU=EssentialSSL Wildcard/CN=*.airbrake.io
i:/C=US/O=SSL.com/OU=www.ssl.com/CN=SSL.com DV CA
1 s:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust
External CA Root
i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust
External CA Root
2 s:/C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust
RSA Certification Authority
i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust
External CA Root
3 s:/C=US/O=SSL.com/OU=www.ssl.com/CN=SSL.com DV CA
i:/C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust
RSA Certification Authority
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIEwTCCA6mgAwIBAgIRAKLxH0P8s499IyC7Gi9P0e8wDQYJKoZIhvcNAQELBQAw
TTELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB1NTTC5jb20xFDASBgNVBAsTC3d3dy5z
c2wuY29tMRYwFAYDVQQDEw1TU0wuY29tIERWIENBMB4XDTE2MTEwNDAwMDAwMFoX
DTE4MTEyODIzNTk1OVowWzEhMB8GA1UECxMYRG9tYWluIENvbnRyb2wgVmFsaWRh
dGVkMR4wHAYDVQQLExVFc3NlbnRpYWxTU0wgV2lsZGNhcmQxFjAUBgNVBAMMDSou
YWlyYnJha2UuaW8wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDXWXkQ
kM5+hdRdZhWC3G+wjwpSF2GNLzEf27+3CQvZA8J7trZ/JdHTwIt6TPnq4igmE/XA
Ej2mOEu2crzO+mVignSSPDItHVB8UenwNphguUskZPSDgVEi5a7rBscFWKkvWMEH
W6vhbrpur+G1j0awhTn6hh++DYUUUl03hUPh6qNN+GQ/wPn+Tbgzw3obX4sE7Iel
UePxeMpzv4rG9nZznStoXYlRFws3BaL8wTkL3G8wLVJndlIKTzMdfDCinvGpkV85
rdfm7UfsvFCdYKosOpbt5iRCJGTJvckFX4ih2MAC8mMP+bwzrNrNkPjuY8To+pVC
F2rNvjRWJn+yTDdVAgMBAAGjggGMMIIBiDAfBgNVHSMEGDAWgBRGmv38UV58VFNS
4pnjszLvkxp/VjAdBgNVHQ4EFgQUkQAJSPUocFTrnPm4af+i76JscKkwDgYDVR0P
AQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
AQUFBwMCMEoGA1UdIARDMEEwNQYKKwYBBAGCqTABATAnMCUGCCsGAQUFBwIBFhlo
dHRwczovL2Nwcy51c2VydHJ1c3QuY29tMAgGBmeBDAECATA0BgNVHR8ELTArMCmg
J6AlhiNodHRwOi8vY3JsLnNzbC5jb20vU1NMY29tRFZDQV8yLmNybDBgBggrBgEF
BQcBAQRUMFIwLwYIKwYBBQUHMAKGI2h0dHA6Ly9jcnQuc3NsLmNvbS9TU0xjb21E
VkNBXzIuY3J0MB8GCCsGAQUFBzABhhNodHRwOi8vb2NzcC5zc2wuY29tMCUGA1Ud
EQQeMByCDSouYWlyYnJha2UuaW+CC2FpcmJyYWtlLmlvMA0GCSqGSIb3DQEBCwUA
A4IBAQBWDuO6czF5/CGPCuySdo9UGy7/Rj/oONzEPSJJcRZ1o6ix+RV7+dQBNBO0
SPuAkgH4k/Qbs75htpduWq+5hIfgYwSWvTW+2kcEZKgkPrg53n7cMT10MTg7I7oS
qNvIpNh+2e6JwaFnM9pYSOSx01zh2HnCi8l+AQmVRdhxVDgOT+9SNcLC3+j/IuY6
iGnse7X4Q3diIMNxtPTdqfPsewLuWH7RJutwuLTIP5qL1R+AH0RmOGeX2K16rPLr
1GczOm5WnRyikYMjGW6llzS7RXgPfvdeU8mt4wK7fvZ9chMLNR7fpmEsWoejmN5P
nqzjN5AKKgED5AjJ+DNtKzzEJqW0
-----END CERTIFICATE-----
subject=/OU=Domain Control Validated/OU=EssentialSSL Wildcard/CN=*.
airbrake.io
issuer=/C=US/O=SSL.com/OU=www.ssl.com/CN=SSL.com DV CA
---
No client certificate CA names sent
---
SSL handshake has read 5736 bytes and written 444 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES128-GCM-SHA256
Session-ID:
2CA3877657CF653D2885B34218AC09ECA30A9E125AC0556D749E359F3A6822F7
Session-ID-ctx:
Master-Key:
2D3A255FF47D44AAD4CA06024149B9538819A0C832426B69B83EFE76E5404BC87790360A2F4FFC9933DB76816555C6B1
Start Time: 1522613874
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
HTTP/1.0 408 Request Time-out
Cache-Control: no-cache
Connection: close
Content-Type: text/html
<html><body><h1>408 Request Time-out</h1>
Your browser didn't send a complete request in time.
</body></html>
closed
On Sun, Apr 1, 2018 at 10:06 PM, Benoit Chesneau <bchesneau@REDACTED>
wrote:
> heh OK, no problem :)
>
> To be complete the chain retuned by openssl is :
>
> OpenSSL> s_client -connect airbrake.io:443 -showcerts
> CONNECTED(00000006)
> depth=3 C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN =
> AddTrust External CA Root
> verify error:num=19:self signed certificate in certificate chain
> verify return:0
> ---
> Certificate chain
> 0 s:/OU=Domain Control Validated/OU=EssentialSSL Wildcard/CN=*.
> airbrake.io
> i:/C=US/O=SSL.com/OU=www.ssl.com/CN=SSL.com DV CA
> -----BEGIN CERTIFICATE-----
> MIIEwTCCA6mgAwIBAgIRAKLxH0P8s499IyC7Gi9P0e8wDQYJKoZIhvcNAQELBQAw
> TTELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB1NTTC5jb20xFDASBgNVBAsTC3d3dy5z
> c2wuY29tMRYwFAYDVQQDEw1TU0wuY29tIERWIENBMB4XDTE2MTEwNDAwMDAwMFoX
> DTE4MTEyODIzNTk1OVowWzEhMB8GA1UECxMYRG9tYWluIENvbnRyb2wgVmFsaWRh
> dGVkMR4wHAYDVQQLExVFc3NlbnRpYWxTU0wgV2lsZGNhcmQxFjAUBgNVBAMMDSou
> YWlyYnJha2UuaW8wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDXWXkQ
> kM5+hdRdZhWC3G+wjwpSF2GNLzEf27+3CQvZA8J7trZ/JdHTwIt6TPnq4igmE/XA
> Ej2mOEu2crzO+mVignSSPDItHVB8UenwNphguUskZPSDgVEi5a7rBscFWKkvWMEH
> W6vhbrpur+G1j0awhTn6hh++DYUUUl03hUPh6qNN+GQ/wPn+Tbgzw3obX4sE7Iel
> UePxeMpzv4rG9nZznStoXYlRFws3BaL8wTkL3G8wLVJndlIKTzMdfDCinvGpkV85
> rdfm7UfsvFCdYKosOpbt5iRCJGTJvckFX4ih2MAC8mMP+bwzrNrNkPjuY8To+pVC
> F2rNvjRWJn+yTDdVAgMBAAGjggGMMIIBiDAfBgNVHSMEGDAWgBRGmv38UV58VFNS
> 4pnjszLvkxp/VjAdBgNVHQ4EFgQUkQAJSPUocFTrnPm4af+i76JscKkwDgYDVR0P
> AQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
> AQUFBwMCMEoGA1UdIARDMEEwNQYKKwYBBAGCqTABATAnMCUGCCsGAQUFBwIBFhlo
> dHRwczovL2Nwcy51c2VydHJ1c3QuY29tMAgGBmeBDAECATA0BgNVHR8ELTArMCmg
> J6AlhiNodHRwOi8vY3JsLnNzbC5jb20vU1NMY29tRFZDQV8yLmNybDBgBggrBgEF
> BQcBAQRUMFIwLwYIKwYBBQUHMAKGI2h0dHA6Ly9jcnQuc3NsLmNvbS9TU0xjb21E
> VkNBXzIuY3J0MB8GCCsGAQUFBzABhhNodHRwOi8vb2NzcC5zc2wuY29tMCUGA1Ud
> EQQeMByCDSouYWlyYnJha2UuaW+CC2FpcmJyYWtlLmlvMA0GCSqGSIb3DQEBCwUA
> A4IBAQBWDuO6czF5/CGPCuySdo9UGy7/Rj/oONzEPSJJcRZ1o6ix+RV7+dQBNBO0
> SPuAkgH4k/Qbs75htpduWq+5hIfgYwSWvTW+2kcEZKgkPrg53n7cMT10MTg7I7oS
> qNvIpNh+2e6JwaFnM9pYSOSx01zh2HnCi8l+AQmVRdhxVDgOT+9SNcLC3+j/IuY6
> iGnse7X4Q3diIMNxtPTdqfPsewLuWH7RJutwuLTIP5qL1R+AH0RmOGeX2K16rPLr
> 1GczOm5WnRyikYMjGW6llzS7RXgPfvdeU8mt4wK7fvZ9chMLNR7fpmEsWoejmN5P
> nqzjN5AKKgED5AjJ+DNtKzzEJqW0
> -----END CERTIFICATE-----
> 1 s:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust
> External CA Root
> i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust
> External CA Root
> -----BEGIN CERTIFICATE-----
> MIIENjCCAx6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJTRTEU
> MBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFs
> IFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290
> MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFowbzELMAkGA1UEBhMCU0Ux
> FDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5h
> bCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9v
> dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALf3GjPm8gAELTngTlvt
> H7xsD821+iO2zt6bETOXpClMfZOfvUq8k+0DGuOPz+VtUFrWlymUWoCwSXrbLpX9
> uMq/NzgtHj6RQa1wVsfwTz/oMp50ysiQVOnGXw94nZpAPA6sYapeFI+eh6FqUNzX
> mk6vBbOmcZSccbNQYArHE504B4YCqOmoaSYYkKtMsE8jqzpPhNjfzp/haW+710LX
> a0Tkx63ubUFfclpxCDezeWWkWaCUN/cALw3CknLa0Dhy2xSoRcRdKn23tNbE7qzN
> E0S3ySvdQwAl+mG5aWpYIxG3pzOPVnVZ9c0p10a3CitlttNCbxWyuHv77+ldU9U0
> WicCAwEAAaOB3DCB2TAdBgNVHQ4EFgQUrb2YejS0Jvf6xCZU7wO94CTLVBowCwYD
> VR0PBAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wgZkGA1UdIwSBkTCBjoAUrb2YejS0
> Jvf6xCZU7wO94CTLVBqhc6RxMG8xCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRU
> cnVzdCBBQjEmMCQGA1UECxMdQWRkVHJ1c3QgRXh0ZXJuYWwgVFRQIE5ldHdvcmsx
> IjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENBIFJvb3SCAQEwDQYJKoZIhvcN
> AQEFBQADggEBALCb4IUlwtYj4g+WBpKdQZic2YR5gdkeWxQHIzZlj7DYd7usQWxH
> YINRsPkyPef89iYTx4AWpb9a/IfPeHmJIZriTAcKhjW88t5RxNKWt9x+Tu5w/Rw5
> 6wwCURQtjr0W4MHfRnXnJK3s9EK0hZNwEGe6nQY1ShjTK3rMUUKhemPR5ruhxSvC
> Nr4TDea9Y355e6cJDUCrat2PisP29owaQgVR1EX1n6diIWgVIEM8med8vSTYqZEX
> c4g/VhsxOBi0cQ+azcgOno4uG+GMmIPLHzHxREzGBHNJdmAPx/i9F4BrLunMTA5a
> mnkPIAou1Z5jJh5VkpTYghdae9C8x49OhgQ=
> -----END CERTIFICATE-----
> 2 s:/C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST
> Network/CN=USERTrust RSA Certification Authority
> i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust
> External CA Root
> -----BEGIN CERTIFICATE-----
> MIIFdzCCBF+gAwIBAgIQE+oocFv07O0MNmMJgGFDNjANBgkqhkiG9w0BAQwFADBv
> MQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFk
> ZFRydXN0IEV4dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBF
> eHRlcm5hbCBDQSBSb290MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFow
> gYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcgSmVyc2V5MRQwEgYDVQQHEwtK
> ZXJzZXkgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMS4wLAYD
> VQQDEyVVU0VSVHJ1c3QgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjAN
> BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAgBJlFzYOw9sIs9CsVw127c0n00yt
> UINh4qogTQktZAnczomfzD2p7PbPwdzx07HWezcoEStH2jnGvDoZtF+mvX2do2NC
> tnbyqTsrkfjib9DsFiCQCT7i6HTJGLSR1GJk23+jBvGIGGqQIjy8/hPwhxR79uQf
> jtTkUcYRZ0YIUcuGFFQ/vDP+fmyc/xadGL1RjjWmp2bIcmfbIWax1Jt4A8BQOujM
> 8Ny8nkz+rwWWNR9XWrf/zvk9tyy29lTdyOcSOk2uTIq3XJq0tyA9yn8iNK5+O2hm
> AUTnAU5GU5szYPeUvlM3kHND8zLDU+/bqv50TmnHa4xgk97Exwzf4TKuzJM7UXiV
> Z4vuPVb+DNBpDxsP8yUmazNt925H+nND5X4OpWaxKXwyhGNVicQNwZNUMBkTrNN9
> N6frXTpsNVzbQdcS2qlJC9/YgIoJk2KOtWbPJYjNhLixP6Q5D9kCnusSTJV882sF
> qV4Wg8y4Z+LoE53MW4LTTLPtW//e5XOsIzstAL81VXQJSdhJWBp/kjbmUZIO8yZ9
> HE0XvMnsQybQv0FfQKlERPSZ51eHnlAfV1SoPv10Yy+xUGUJ5lhCLkMaTLTwJUdZ
> +gQek9QmRkpQgbLevni3/GcV4clXhB4PY9bpYrrWX1Uu6lzGKAgEJTm4Diup8kyX
> HAc/DVL17e8vgg8CAwEAAaOB9DCB8TAfBgNVHSMEGDAWgBStvZh6NLQm9/rEJlTv
> A73gJMtUGjAdBgNVHQ4EFgQUU3m/WqorSs9UgOHYm8Cd8rIDZsswDgYDVR0PAQH/
> BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0gBAowCDAGBgRVHSAAMEQGA1Ud
> HwQ9MDswOaA3oDWGM2h0dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9BZGRUcnVzdEV4
> dGVybmFsQ0FSb290LmNybDA1BggrBgEFBQcBAQQpMCcwJQYIKwYBBQUHMAGGGWh0
> dHA6Ly9vY3NwLnVzZXJ0cnVzdC5jb20wDQYJKoZIhvcNAQEMBQADggEBAJNl9jeD
> lQ9ew4IcH9Z35zyKwKoJ8OkLJvHgwmp1ocd5yblSYMgpEg7wrQPWCcR23+WmgZWn
> RtqCV6mVksW2jwMibDN3wXsyF24HzloUQToFJBv2FAY7qCUkDrvMKnXduXBBP3zQ
> YzYhBx9G/2CkkeFnvN4ffhkUyWNnkepnB2u0j4vAbkN9w6GAbLIevFOFfdyQoaS8
> Le9Gclc1Bb+7RrtubTeZtv8jkpHGbkD4jylW6l/VXxRTrPBPYer3IsynVgviuDQf
> Jtl7GQVoP7o81DgGotPmjw7jtHFtQELFhLRAlSv0ZaBIefYdgWOWnU914Ph85I6p
> 0fKtirOMxyHNwu8=
> -----END CERTIFICATE-----
> 3 s:/C=US/O=SSL.com/OU=www.ssl.com/CN=SSL.com DV CA
> i:/C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST
> Network/CN=USERTrust RSA Certification Authority
> -----BEGIN CERTIFICATE-----
> MIIF5jCCA86gAwIBAgIQEQDFvydYwZlp/Gjtcp381zANBgkqhkiG9w0BAQwFADCB
> iDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl
> cnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV
> BAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTQw
> NzA0MDAwMDAwWhcNMjQwNzAzMjM1OTU5WjBNMQswCQYDVQQGEwJVUzEQMA4GA1UE
> ChMHU1NMLmNvbTEUMBIGA1UECxMLd3d3LnNzbC5jb20xFjAUBgNVBAMTDVNTTC5j
> b20gRFYgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAJEcVY7NR
> 2qmRMLzC17tObKov3Jf1AQLOfZRfCi26JM4lYzJoW7uMO6RSwBJeP6pSBYthSWLc
> R+zd0bsQW5xKGITX51HYBH3daGWQEJIWVfL59cw3qhRsMQ5XP/IMZ15BOUxqGRVV
> 7NnCBBVcrWVhrEqSZbM6o61lMBU3sQQlYep/Ie3Ce6ca8oWfX5h4hrWtxuRCiBB4
> EjxMB5KYOKJnQaOLEXaRhgr8cNHhzjl2KrKx/tCMtR/9pqy/+dOCKDiQWkg+hBoT
> D/hGc/B3x7KfHAbdLJTPrRdJrFnSwMWwPcrWGIrrud3w5VxzXBjPAzQn7Dg/hpGB
> NHEHBwKsLER3AgMBAAGjggGEMIIBgDAfBgNVHSMEGDAWgBRTeb9aqitKz1SA4dib
> wJ3ysgNmyzAdBgNVHQ4EFgQURpr9/FFefFRTUuKZ47My75Maf1YwDgYDVR0PAQH/
> BAQDAgGGMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0lBBYwFAYIKwYBBQUHAwEG
> CCsGAQUFBwMCMCEGA1UdIAQaMBgwDAYKKwYBBAGCqTABATAIBgZngQwBAgEwVQYD
> VR0fBE4wTDBKoEigRoZEaHR0cDovL2NybC50cnVzdC1wcm92aWRlci5jb20vVVNF
> UlRydXN0UlNBQ2VydGlmaWNhdGlvbkF1dGhvcml0eS5jcmwwgYAGCCsGAQUFBwEB
> BHQwcjBEBggrBgEFBQcwAoY4aHR0cDovL2NydC50cnVzdC1wcm92aWRlci5jb20v
> VVNFUlRydXN0UlNBQWRkVHJ1c3RDQS5jcnQwKgYIKwYBBQUHMAGGHmh0dHA6Ly9v
> Y3NwLnRydXN0LXByb3ZpZGVyLmNvbTANBgkqhkiG9w0BAQwFAAOCAgEAB1RJZUdF
> d05ZN1SYdTZsDj9Rq9De097SCCWi0E97Ehc2MRQag98VqlZPrC2WM9q+C7Z5MvcM
> 1njs15p55YRJbHjjECgiabKEPsx3xXH+oTb4kKzQjqMZV5CNC7K+5H4OaCtNcFEZ
> E2vWRI9hunFjTfTJ9VrKjGIwcYz30VtdB1vtk0Jaf0lnC4H1GOAdw3IwJgbygOeu
> ACY/1RH5U0ai2e9wWXsiADjBtHbiFPEzt5Cmu2wag9fPrX663Xs5TqjDNCPAgCLm
> ijzyrCQmlCaug332cwnYI5dA0Oa/eIV6lYZTev143bZWs+A6dQhXDJUQzfSvPsQS
> Pu/W3QAkw4vuZ97mVvgzK5LiDWps2N9Fw9b5Et4Op+cuy27I48fG3bRH0dROJwYs
> w+MrMc5Sy/TOl9a5UUmtq2jEJbEv7xU5x1bvhaFfBtxoF36sLLuPf19Aev4n2Y46
> Fou4Aup1eWVyS+XYKiaTGzxL5b4fbwhKItk8NptdrJ26YmdCl6cFNaabXHHak24W
> I0cF4+u8ATOxkdFkuLyWusWzfmfIMHX1ZHD3giYavooNnupzxnju58Tpc9AsCgyL
> rRxTbur5AscjOsHHfzeeTqflKtslTvJ9AvNkPLizR2cMk4+1h+6yDBHggsm0bZn0
> AeY5kXGfjIimFcd00xvjkVn41em3We1sghs=
> -----END CERTIFICATE-----
> ---
> Server certificate
> subject=/OU=Domain Control Validated/OU=EssentialSSL Wildcard/CN=*.
> airbrake.io
> issuer=/C=US/O=SSL.com/OU=www.ssl.com/CN=SSL.com DV CA
> ---
> No client certificate CA names sent
> ---
> SSL handshake has read 5736 bytes and written 444 bytes
> ---
> New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
> Server public key is 2048 bit
> Secure Renegotiation IS supported
> Compression: NONE
> Expansion: NONE
> No ALPN negotiated
> SSL-Session:
> Protocol : TLSv1.2
> Cipher : ECDHE-RSA-AES128-GCM-SHA256
> Session-ID: 62BF8A905F9DF278347423E70D1001
> 44AEB17B41C4BEB41FE8BC83512D8AE5C7
> Session-ID-ctx:
> Master-Key: D3F6811B769DE3E5045BB386AE6CA5
> 61C272F44014A3F1DB8F8786B599D11015CE44AF5B8351CDD466EA7A02E764F78A
> Start Time: 1522613090
> Timeout : 300 (sec)
> Verify return code: 0 (ok)
> ---
> HTTP/1.0 408 Request Time-out
> Cache-Control: no-cache
> Connection: close
> Content-Type: text/html
>
> <html><body><h1>408 Request Time-out</h1>
> Your browser didn't send a complete request in time.
> </body></html>
> closed
>
>
> On Sun, Apr 1, 2018 at 9:23 PM, Luke Bakken <luke@REDACTED> wrote:
>
>> Oh, never mind, I thought you were responsible for the airbrake.io cert.
>>
>> I have seen the same behavior you report when using different CA
>> certificate bundles. Using the default OS X bundle usually works,
>> while recent Mozilla CA bundles don't. I did a bunch of diagnosis but
>> never came to a definitive conclusion. I'll re-visit what I did and
>> will see if I can figure out what exactly works and what doesn't.
>>
>> Luke
>>
>> On Sun, Apr 1, 2018 at 12:13 PM, Benoit Chesneau <bchesneau@REDACTED>
>> wrote:
>> > hrm not sure i understand. You mean to the cacerts file or to the cert
>> of
>> > airbrake? I’m not responsible of the last one.
>> >
>> > Benoît
>> >
>> >
>> > On Sunday, April 1, 2018, Luke Bakken <luke@REDACTED> wrote:
>> >>
>> >> Try adding "digitalSignature" to the keyUsage field for the cert.
>> >>
>> >> Luke
>> >>
>> >> On Sun, Apr 1, 2018, 10:55 AM Benoit Chesneau <bchesneau@REDACTED>
>> wrote:
>> >>>
>> >>> I'm trying to connect to airbrake.io via ssl using the certificates
>> >>> generated by the website mkcert: https://mkcert.org/ which get the
>> >>> certificates from Mozilla but I get a "Bad certificat" error on latest
>> >>> release of erlang:
>> >>>
>> >>> 9> ssl:connect("airbrake.io", 443, [{cacertfile, CaCertFile},
>> {verify,
>> >>> verify_peer}, {depth, 99}]).
>> >>>
>> >>> =INFO REPORT==== 1-Apr-2018::19:45:51 ===
>> >>> TLS client: In state certify at ssl_handshake.erl:1271 generated
>> CLIENT
>> >>> ALERT: Fatal - Bad Certificate
>> >>>
>> >>> {error,{tls_alert,"bad certificate"}}
>> >>>
>> >>>
>> >>> where with google it worked:
>> >>>
>> >>> 10> ssl:connect("google.com", 443, [{cacertfile, CaCertFile},
>> {verify,
>> >>> verify_peer}, {depth, 99}]).
>> >>> {ok,{sslsocket,{gen_tcp,#Port<0.9355>,tls_connection,
>> >>> undefined},
>> >>> <0.224.0>}}
>> >>>
>> >>>
>> >>>
>> >>> It used to work with previous versions of Erlang, did something
>> changed
>> >>> in the validation in 20.x?
>> >>>
>> >>> Also how can I check what is the exact issue in the certificate that
>> >>> cause this error? According sslabs there are no issue in checking the
>> >>> certificate:
>> >>>
>> >>> https://www.ssllabs.com/ssltest/analyze.html?d=airbrake.io
>> >>>
>> >>>
>> >>> _______________________________________________
>> >>> erlang-questions mailing list
>> >>> erlang-questions@REDACTED
>> >>> http://erlang.org/mailman/listinfo/erlang-questions
>> >
>> >
>> >
>> > --
>> > Sent from my Mobile
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20180401/cb9ec7c0/attachment.htm>
More information about the erlang-questions
mailing list