[rabbitmq-discuss] error loading some CA certificates
Francesco Mazzoli
francesco at rabbitmq.com
Wed Aug 1 14:55:58 BST 2012
Hi Warren,
At Wed, 1 Aug 2012 13:39:47 +0000,
Warren Smith wrote:
>
>
> I'm getting errors when I try to use some CA certificates with RabbitMQ 2.8.4
> and Erlang R15B01. The message in the var/log/rabbit/rabbit at HOST.log file is:
>
> SSL WARNING: Ignoring a CA cert as it could not be correctly decoded.
>
> And then I get quite long error messages after this warning in the log file
> when the client is connecting using a certificate from one of the ignored
> CAs. The relevant part of the error message seems to be:
>
> [...]
>
> These are CA certificates that work fine with OpenSSL and I believe they work
> fine in Java, too. Example certificates that get ignored are the Root and
> Classic ones from http://www.tacc.utexas.edu/CA/.
>
> The above error seems to indicate that the cause is in the code/asn.1 specs
> that erlang is using to decode certificates. Before I dig more into the erlang
> code and take this to the erlang list, I thought I'd record this problem on
> the RabbitMQ list and see if anyone here has any thoughts or a fix.
Yes, the warning message is generated by the ssl library (see the `add_certs/3'
function in `lib/ssl/src/ssl_certificate_db.erl') and the second message is due
to the fact that adding the certificate failed.
I did a quick search in the bug tracker and I don't think we've seen this
before. As you say, this looks like an OTP issue, so moving the discussion to
`erlang-discuss' would probably be useful.
--
Francesco * Often in error, never in doubt
More information about the rabbitmq-discuss
mailing list