[erlang-questions] question about cacertfiles option
Benoit Chesneau
bchesneau@REDACTED
Mon Jun 22 11:04:49 CEST 2015
In hackney, by default the HTTPS connection is using the following options:
    [{verify_fun, {fun ssl_verify_hostname:verify_fun/3,
                   [{check_hostname, Host}]}},
     {cacertfile, CACertFile},
     {server_name_indication, Host},
     {verify, verify_peer}, {depth, 99},
     {reuse_sessions, true}]
Where the Host is based on the URL. CACertFile is this one:
https://github.com/benoitc/hackney/blob/master/priv/ca-bundle.crt
And the verify_fun is here:
https://github.com/deadtrickster/ssl_verify_hostname.erl/blob/master/src/ssl_verify_hostname.erl
It works in most cases, but when connecting to Twilio I get the following
error:
2> hackney:get("https://api.twilio.com/2010-04-01/Accounts/").
=ERROR REPORT==== 22-Jun-2015::10:46:28 ===
SSL: certify: ssl_handshake.erl:1403:Fatal error: unknown ca
{error,{tls_alert,"unknown ca"}}
When checking the CA file, it seems it contains the thawte certificates:
$ cat priv/ca-bundle.crt|grep thawte
thawte Primary Root CA
thawte Primary Root CA - G2
thawte Primary Root CA - G3
Before opening a ticket, I was wondering if I missed something in my
configuration. Is there anything wrong in the CA file? Is any option
missing?
- benoit
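
The grep in the message matches the label lines of the bundle; whether a particular server certificate chains to a root in the file can be checked with `openssl verify -CAfile`. The script below is an added example, not part of the original post or of hackney: it compares both checks on a bundle and leaf certificate generated locally (the `examplecorp` CA names, `api.example.test` and the helper function names are assumptions).

```shell
#!/bin/sh
# Added example. Every key, certificate and CA name here is generated locally
# (constructed); nothing is read from hackney's ca-bundle.crt.

# make_root DIR ID CN: self-signed root DIR/ID.crt with key DIR/ID.key
make_root() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=$3" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# make_leaf DIR ISSUER_ID HOST: server certificate DIR/leaf.crt signed by ISSUER_ID
make_leaf() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/leaf.csr" -days 2 -CA "$1/$2.crt" \
        -CAkey "$1/$2.key" -CAcreateserial -out "$1/leaf.crt" 2>/dev/null
}

# label_hits BUNDLE WORD: number of lines a grep for a vendor name matches
label_hits() { grep -c -- "$2" "$1"; }

# chain_ok BUNDLE CERT: succeeds only if CERT verifies against a root in BUNDLE
chain_ok() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# demo: the bundle holds two roots of one vendor, the leaf is signed by a third
demo() {
    d=$(mktemp -d) || return 1
    make_root "$d" r1 "examplecorp Primary Root CA"
    make_root "$d" r2 "examplecorp Primary Root CA - G2"
    make_root "$d" r3 "examplecorp Premium Server CA"
    make_leaf "$d" r3 "api.example.test"
    # Label line followed by the PEM block, the layout the grep above relies on
    { echo "examplecorp Primary Root CA";      cat "$d/r1.crt"
      echo "examplecorp Primary Root CA - G2"; cat "$d/r2.crt"; } > "$d/bundle.crt"
    hits=$(label_hits "$d/bundle.crt" examplecorp)
    if chain_ok "$d/bundle.crt" "$d/leaf.crt"; then before=ok; else before=fail; fi
    # Add the root that actually signed the leaf and verify again
    cat "$d/r3.crt" >> "$d/bundle.crt"
    if chain_ok "$d/bundle.crt" "$d/leaf.crt"; then after=ok; else after=fail; fi
    rm -rf "$d"
    echo "labels=$hits before=$before after=$after"
}

demo
```

For a real server, the same `chain_ok` check applies to the certificate and any intermediates the server presents, passed to `openssl verify` with `-untrusted`.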