<div dir="ltr"><div><div>Hi!<br><br></div>That is a really old bug, you need to have public_key-0.17  at least to avoid it. Latest is public_key-0.22.1<br><br></div>Regards Ingela Erlang/OTP team - Ericsson AB<br><div><div><div><div class="gmail_extra"><br><div class="gmail_quote">2014-11-10 21:26 GMT+01:00 Youngkin, Rich <span dir="ltr"><<a href="mailto:richard.youngkin@pearson.com" target="_blank">richard.youngkin@pearson.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hi all,<div><br></div><div>I'm having an issue sending an http request to a service and I'm not sure if it's a problem with the certificate or in Erlang. The app is using R15B03. I've included the Erlang error message below. I tried sending the request via curl and it looks fine to my not-very-proficient-in-ssl eyes.  Any ideas where I should focus - Erlang or the certificate?</div><div><br></div><div>Thanks,</div><div>Rich</div><div><br></div><div><span style="font-family:arial,sans-serif;font-size:12.7272720336914px">I used "some*" to replace actual values...</span></div><div><span style="font-family:arial,sans-serif;font-size:12.7272720336914px"><br></span></div><div></div><div><span style="font-family:arial,sans-serif;font-size:12.7272720336914px">2014-11-07T17:55:31Z ERRORED sub=00000ce5-cb71-83fc-3b95-</span><span style="font-family:arial,sans-serif;font-size:12.7272720336914px">76d3eed24d94 msg=00000ce5-cbbe-f055-3b95-</span><span style="font-family:arial,sans-serif;font-size:12.7272720336914px">76d3eed24d94 del_attempt=00000ce5-cbbe-</span><span style="font-family:arial,sans-serif;font-size:12.7272720336914px">f055-3b95-76d3eed24d94 reason={'EXIT', {{{function_clause, [{pubkey_cert,digest_type, [{1,2,840,113549,1,1,12}], [{file,"pubkey_cert.erl"},{</span><span style="font-family:arial,sans-serif;font-size:12.7272720336914px">line,377}]}, {pubkey_cert,extract_verify_</span><span style="font-family:arial,sans-serif;font-size:12.7272720336914px">data,2, [{file,"pubkey_cert.erl"},{</span><span style="font-family:arial,sans-serif;font-size:12.7272720336914px">line,358}]}, {pubkey_cert,verify_signature,</span><span style="font-family:arial,sans-serif;font-size:12.7272720336914px">4, [{file,"pubkey_cert.erl"},{</span><span style="font-family:arial,sans-serif;font-size:12.7272720336914px">line,362}]}, {pubkey_cert,validate_</span><span style="font-family:arial,sans-serif;font-size:12.7272720336914px">signature,6, [{file,"pubkey_cert.erl"},{</span><span style="font-family:arial,sans-serif;font-size:12.7272720336914px">line,160}]}, {public_key,validate,2,[{file,</span><span style="font-family:arial,sans-serif;font-size:12.7272720336914px">"public_key.erl"},{line,647}]}</span><span style="font-family:arial,sans-serif;font-size:12.7272720336914px">, {public_key,path_validation,2,</span><span style="font-family:arial,sans-serif;font-size:12.7272720336914px">[{file,"public_key.erl"},{</span><span style="font-family:arial,sans-serif;font-size:12.7272720336914px">line,591}]}, {ssl_handshake,certify,7,[{</span><span style="font-family:arial,sans-serif;font-size:12.7272720336914px">file,"ssl_handshake.erl"},{</span><span style="font-family:arial,sans-serif;font-size:12.7272720336914px">line,218}]}, {ssl_connection,certify,2, [{file,"ssl_connection.erl"},{</span><span style="font-family:arial,sans-serif;font-size:12.7272720336914px">line,514}]}]}, {gen_fsm,sync_send_all_state_</span><span style="font-family:arial,sans-serif;font-size:12.7272720336914px">event,[<0.9974.31>,start,</span><span style="font-family:arial,sans-serif;font-size:12.7272720336914px">10000]}}, {gen_server,call, [<0.8657.31>, {send_req, {{url,"</span><a href="https://cert.learningcatalytics.com/message_receiver" style="font-family:arial,sans-serif;font-size:12.7272720336914px" target="_blank">https://</a><a href="http://cert.somedomain.com/someresource" target="_blank">cert.somedomain.com/someresource</a><span style="font-family:arial,sans-serif;font-size:12.7272720336914px">";, "</span><a href="http://cert.learningcatalytics.com/" style="font-family:arial,sans-serif;font-size:12.7272720336914px" target="_blank">cert.somedomain.com</a><span style="font-family:arial,sans-serif;font-size:12.7272720336914px">",</span><span style="font-family:arial,sans-serif;font-size:12.7272720336914px">443,undefined,undefined, "/message_receiver",https}, [{"Content-Type","application/</span><span style="font-family:arial,sans-serif;font-size:12.7272720336914px">x-www-form-urlencoded"}], post, ...</span><br></div><div><span style="font-family:arial,sans-serif;font-size:12.7272720336914px"><br></span></div><div><span style="font-family:arial,sans-serif;font-size:12.7272720336914px"><br></span></div><div><font face="arial, sans-serif">curl -i -v -X POST https://</font><a href="http://cert.somedomain.com" target="_blank">cert.somedomain.com</a><font face="arial, sans-serif">/someresource</font><br></div><div><div><font face="arial, sans-serif">* About to connect() to </font><a href="http://cert.somedomain.com" target="_blank">cert.somedomain.com</a><font face="arial, sans-serif">port 443 (#0)</font></div><div><font face="arial, sans-serif">*   Trying 54.225.73.122... connected</font></div><div><font face="arial, sans-serif">* successfully set certificate verify locations:</font></div><div><font face="arial, sans-serif">*   CAfile: none</font></div><div><font face="arial, sans-serif">  CApath: /etc/ssl/certs</font></div><div><font face="arial, sans-serif">* SSLv3, TLS handshake, Client hello (1):</font></div><div><font face="arial, sans-serif">* SSLv3, TLS handshake, Server hello (2):</font></div><div><font face="arial, sans-serif">* SSLv3, TLS handshake, CERT (11):</font></div><div><font face="arial, sans-serif">* SSLv3, TLS handshake, Server key exchange (12):</font></div><div><font face="arial, sans-serif">* SSLv3, TLS handshake, Server finished (14):</font></div><div><font face="arial, sans-serif">* SSLv3, TLS handshake, Client key exchange (16):</font></div><div><font face="arial, sans-serif">* SSLv3, TLS change cipher, Client hello (1):</font></div><div><font face="arial, sans-serif">* SSLv3, TLS handshake, Finished (20):</font></div><div><font face="arial, sans-serif">* SSLv3, TLS change cipher, Client hello (1):</font></div><div><font face="arial, sans-serif">* SSLv3, TLS handshake, Finished (20):</font></div><div><font face="arial, sans-serif">* SSL connection using ECDHE-RSA-AES128-SHA</font></div><div><font face="arial, sans-serif">* Server certificate:</font></div><div><font face="arial, sans-serif">* <span style="white-space:pre-wrap">       </span> subject: C=US; postalCode=SomeZipCode; ST=NJ; L=Old Tappan; street=200 Old Tappan Rd; O=SomeOrgName; OU=Web Security; OU=Enterprise SSL Wildcard; CN=*.<a href="http://somedomain.com" target="_blank">somedomain.com</a></font></div><div><font face="arial, sans-serif">* <span style="white-space:pre-wrap"> </span> start date: 2014-10-09 00:00:00 GMT</font></div><div><font face="arial, sans-serif">* <span style="white-space:pre-wrap">       </span> expire date: 2017-10-08 23:59:59 GMT</font></div><div><font face="arial, sans-serif">* <span style="white-space:pre-wrap">      </span> subjectAltName: <a href="http://cert.somedomain.com" target="_blank">cert.somedomain.com</a> matched</font></div><div><font face="arial, sans-serif">* <span style="white-space:pre-wrap">      </span> issuer: C=US; ST=DE; L=Wilmington; O=Corporation Service Company; CN=Trusted Secure Certificate Authority 5</font></div><div><font face="arial, sans-serif">* <span style="white-space:pre-wrap">       </span> SSL certificate verify ok.</font></div><div><font face="arial, sans-serif">> POST /message_receiver HTTP/1.1</font></div><div><font face="arial, sans-serif">> User-Agent: curl/7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/<a href="http://1.2.3.4" target="_blank">1.2.3.4</a> libidn/1.23 librtmp/2.3</font></div><div><font face="arial, sans-serif">> Host: </font><a href="http://cert.somedomain.com" target="_blank">cert.somedomain.com</a></div><div><font face="arial, sans-serif">> Accept: */*</font></div><div><font face="arial, sans-serif">></font></div><div><font face="arial, sans-serif">< HTTP/1.1 200 OK</font></div><div><font face="arial, sans-serif">HTTP/1.1 200 OK</font></div><div><font face="arial, sans-serif">< Cache-Control: max-age=0, private, must-revalidate</font></div><div><font face="arial, sans-serif">Cache-Control: max-age=0, private, must-revalidate</font></div><div><font face="arial, sans-serif">< Content-Type: text/html; charset=utf-8</font></div><div><font face="arial, sans-serif">Content-Type: text/html; charset=utf-8</font></div><div><font face="arial, sans-serif">< Date: Mon, 10 Nov 2014 20:13:26 GMT</font></div><div><font face="arial, sans-serif">Date: Mon, 10 Nov 2014 20:13:26 GMT</font></div><div><font face="arial, sans-serif">< ETag: "7215ee9c7d9dc229d2921a40e899ec5f"</font></div><div><font face="arial, sans-serif">ETag: "7215ee9c7d9dc229d2921a40e899ec5f"</font></div><div><font face="arial, sans-serif">< Server: Apache</font></div><div><font face="arial, sans-serif">Server: Apache</font></div><div><font face="arial, sans-serif">< Set-Cookie: _lc_session=03e19badfa917af689f53b27a2297f8a; path=/; HttpOnly</font></div><div><font face="arial, sans-serif">Set-Cookie: _lc_session=03e19badfa917af689f53b27a2297f8a; path=/; HttpOnly</font></div><div><font face="arial, sans-serif">< Status: 200 OK</font></div><div><font face="arial, sans-serif">Status: 200 OK</font></div><div><font face="arial, sans-serif">< X-Request-Id: bcd72a89933142d8557af9c386701494</font></div><div><font face="arial, sans-serif">X-Request-Id: bcd72a89933142d8557af9c386701494</font></div><div><font face="arial, sans-serif">< X-UA-Compatible: IE=Edge,chrome=1</font></div><div><font face="arial, sans-serif">X-UA-Compatible: IE=Edge,chrome=1</font></div><div><font face="arial, sans-serif">< Content-Length: 1</font></div><div><font face="arial, sans-serif">Content-Length: 1</font></div><div><font face="arial, sans-serif">< Connection: keep-alive</font></div><div><font face="arial, sans-serif">Connection: keep-alive</font></div><div><font face="arial, sans-serif"><br></font></div><div><font face="arial, sans-serif"><</font></div><div><font face="arial, sans-serif">* Connection #0 to host </font><a href="http://cert.somedomain.com" target="_blank">cert.somedomain.com</a><font face="arial, sans-serif"> left intact</font></div><div><font face="arial, sans-serif">* Closing connection #0</font></div><div><font face="arial, sans-serif">* SSLv3, TLS alert, Client hello (1):</font></div></div></div>
<br>_______________________________________________<br>
erlang-questions mailing list<br>
<a href="mailto:erlang-questions@erlang.org">erlang-questions@erlang.org</a><br>
<a href="http://erlang.org/mailman/listinfo/erlang-questions" target="_blank">http://erlang.org/mailman/listinfo/erlang-questions</a><br>
<br></blockquote></div><br></div></div></div></div></div>