[rabbitmq-discuss] error loading some CA certificates

Francesco Mazzoli francesco at rabbitmq.com
Wed Aug 1 14:55:58 BST 2012


Hi Warren,
At Wed, 1 Aug 2012 13:39:47 +0000,
Warren Smith wrote:
> 
> 
> I'm getting errors when I try to use some CA certificates with RabbitMQ 2.8.4
> and Erlang R15B01. The message in the var/log/rabbit/rabbit at HOST.log file is:
> 
> SSL WARNING: Ignoring a CA cert as it could not be correctly decoded.
> 
> And then I get quite long error messages after this warning in the log file
> when the client is connecting using a certificate from one of the ignored
> CAs. The relevant part of the error message seems to be:
> 
> [...]
> 
> These are CA certificates that work fine with OpenSSL and I believe they work
> fine in Java, too. Example certificates that get ignored are the Root and
> Classic ones from http://www.tacc.utexas.edu/CA/.
>  
> The above error seems to indicate that the cause is in the code/asn.1 specs
> that erlang is using to decode certificates. Before I dig more into the erlang
> code and take this to the erlang list, I thought I'd record this problem on
> the RabbitMQ list and see if anyone here has any thoughts or a fix.

Yes, the warning message is generated by the ssl library (see the `add_certs/3'
function in `lib/ssl/src/ssl_certificate_db.erl') and the second message is due
to the fact that adding the certificate failed.

I did a quick search in the bug tracker and I don't think we've seen this
before.  As you say, this looks like an OTP issue, so moving the discussion to
`erlang-discuss' would probably be useful.

--
Francesco * Often in error, never in doubt


More information about the rabbitmq-discuss mailing list