[erlang-questions] question about cacertfiles option

Benoit Chesneau bchesneau@REDACTED
Mon Jun 22 11:04:49 CEST 2015

In hackney, by default the HTTPS connection  is using the following options:

    [{verify_fun, {fun ssl_verify_hostname:verify_fun/3,
                                   [{check_hostname, Host}]}},
    {cacertfile, CACertFile },
    {server_name_indication, Host},
    {verify, verify_peer}, {depth, 99},
    {reuse_sessions, true}]

Where the Host is based on the Url. CaCertFile is this one:

And  the verify_fun is here:

It works in most cases but when connecting to Twillio I get the following

    2> hackney:get("https://api.twilio.com/2010-04-01/Accounts/").

    =ERROR REPORT==== 22-Jun-2015::10:46:28 ===
    SSL: certify: ssl_handshake.erl:1403:Fatal error: unknown ca
    {error,{tls_alert,"unknown ca"}}

When checking the CA files it seems it contains the thawte certificaes:

    $ cat priv/ca-bundle.crt|grep thawte
    thawte Primary Root CA
    thawte Primary Root CA - G2
    thawte Primary Root CA - G3

Before opening a ticket I was wondering if I missed something in my
configuration? Is there anything wrong in the CA file? Any option is

- benoit
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20150622/0b99878d/attachment.htm>

More information about the erlang-questions mailing list