[erlang-questions] ssl: Bad Certficate using file generated using mkcert.org

Andrew Thompson andrew@REDACTED
Mon Apr 2 18:09:24 CEST 2018


On Mon, Apr 02, 2018 at 10:11:17AM +0200, Benoit Chesneau wrote:
> It seems according ssllabs there is a problem with the chain: "Incorrect
> order, Contains anchor"  which is probably the root issue:
> https://github.com/benoitc/hackney/issues/490#issuecomment-377873484
> 
> I'm now wondering if there is any possibility to fix it in recent Erlang
> versions. Did anyone already encounter such issue?
> 

I believe you can supply a custom verify_fun to the ssl application that
can, sometimes, let you fix some of these issues. You might be able to
handle the bad_cert case and fix up the ordering and verify it by hand.

There's some old code I wrote that uses this to do something similar
(except with CRLs) here:

https://github.com/Vagabond/erl_crl_example/blob/master/src/client.erl

Andrew



More information about the erlang-questions mailing list