[erlang-questions] SSL: "unknown ca"

e@REDACTED e@REDACTED
Sat Jan 31 03:24:23 CET 2015


On 01/31/2015 02:54 AM, zxq9 wrote:
> On Saturday, 31 January 2015 02:41:35 e@REDACTED wrote:
>> On 01/31/2015 02:37 AM, zxq9 wrote:
>>> On Saturday, 31 January 2015 02:13:39 e@REDACTED wrote:
>>>> On 01/31/2015 02:09 AM, PAILLEAU Eric wrote:
>>>>>> trusted by WHOM?
>>>>>> what particular application makes a decision to throw me an error?
>>>>>
>>>>> Trusted by you for sure.
>>>>
>>>> pardon me, I think puns are not very productive.
>>>>
>>>>> The error is raised by openssl.
>>>>
>>>> well, I guess there MUST BE a way to suppress this "wise" behavior.
>>>> are there any docs describing the relations between erlang's "ssl" and
>>>> openssl? how is it called? when? and what options are fed to openssl?
>>>>
>>>> maybe there is plain and simple switch "do not verify"?
>>>
>>> This has been the reality sand in the CA pudding since the beginning.
>>>
>>> You have a choice: verify every CA yourself (which pretty much relegates
>>> you to only using CAs you or people you actually know generate), or trust
>>> the general bundle that groups like OpenSSL, Mozilla, Google, Microsoft,
>>> etc. generally trust together.
>>
>> You missed one important option: I shall trust MYSELF and it is exactly
>> my case.
>> I do not want my own certificate to be validated against my own authority.
>> you see?
>
> lol wut?

let's revert to the beginning of the thread.

I have launched a server, I have fed it with all the certificates needed.
I try to connect to the server with a client and *the server* (NOT THE 
CLIENT!!!) throws an error "unknown ca".

trying to figure out the reason behind this laconic formula, I came up 
with the following questions:

what particular application throws it?
what particular entity on *MY* server is referred to as "CA"?
to whom is it "unknown", and what is considered "knowledge" in this context?


