[erlang-questions] <DKIM> Troubleshooting TLS distribution
Marco Molteni
marco.molteni@REDACTED
Sun Jan 10 22:07:00 CET 2016
On 10 Jan 2016, at 04:59, Mark Steele <mark@REDACTED> wrote:
[..]
> So my guess at this point is that either TLS distribution is broken, or there's something that it doesn't like about my certificate.
>
> Is it doing some weird hostname checking against the CN (or is there some rule for CN naming that needs to be followed?).
Although I am not familiar with the Erlang TLS transport, it looks like it is enforcing RFC6125 (Representation and Verification of Domain-Based Application Service Identity within Internet Public Key Infrastructure Using X.509 (PKIX) Certificates in the Context of Transport Layer Security (TLS)) [1]
Normally when a system enforces RFC6125, one can provide a custom verify() function to override. ***WARNING***: Unless you really understand what you are doing, just slap the hostname in the CN and sleep safely :-)
marco.m
[1] https://tools.ietf.org/html/rfc6125
More information about the erlang-questions
mailing list