[erlang-questions] SSL Out of Order Cert Chain Question (9.2)
Ingela Andin
ingela.andin@REDACTED
Sat Oct 19 19:51:31 CEST 2019
Hi!
"Unknown CA" means that you did not have the ROOT certificate of the chian
in your "trusted store" (cacerts option).
If you do not own the ROOT certificate you can not trust the chain.
Regards Ingela Erlang/OTP Team - Ericsson AB
Den fre 18 okt. 2019 kl 21:52 skrev Curtis J Schofield <curtis@REDACTED>:
> Dear Erlang Questions:
>
>
> SSL 9.0.2 mentions a patch to fix out of order cert chains
>
> In SSL 9.2 we have a root CA and an out of order cert chain
> for host hooks.glip.com.
>
> When we try to verify peer with the out of order cert
> chain we get 'Unknown CA'.
>
> Is this expected behaviour for Erlang SSL 9.2 with verify_peer ?
>
> The http://erlang.org/doc/apps/ssl/notes.html#ssl-9.0.2 notes
> mention that other care may need to be taken to ensure compatibility.
>
> Reproduce error:
>
> https://github.com/robotarmy/out-of-order-ssl
>
> Thank you,
> Curtis and Team DevEco
>
>
>
>
> Sent through ProtonMail Encrypted Email Channel.
>
>
> _______________________________________________
> erlang-questions mailing list
> erlang-questions@REDACTED
> http://erlang.org/mailman/listinfo/erlang-questions
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20191019/fc3e4cab/attachment.htm>
More information about the erlang-questions
mailing list