incubator-couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dave Cottlehuber <...@jsonified.com>
Subject Re: Problem connecting to Couchdg on SSL erlang: {reason,ekeyfile},
Date Wed, 12 Feb 2014 20:19:15 GMT
Hi Claris,

Probably you need to ensure that your keyfile is the correct format.
The first line should look like '-----BEGIN RSA PRIVATE KEY-----'  but
not '-----BEGIN PRIVATE KEY-----' which is PKCS#8 format.

More info http://www.rabbitmq.com/troubleshooting-ssl.html and
specifically http://docs.couchdb.org/en/latest/config/http.html#config-ssl

You can use the test certs from the mochiweb project (CouchDB uses a
variant of that internally)
https://github.com/mochi/mochiweb/tree/master/examples/https

Also, the quality and compatibility of native SSL varies wildly with
erlang releases, generally later the better (e.g. R16B03-1). But there
are already known bugs within that too.

For serious (heavy load) SSL usage we recommend stunnel, haproxy, or
stud for this reason.


On 12 February 2014 20:04, Claris Castillo <clariscastej@gmail.com> wrote:
> I have been running an Apache-Couchdb-1.1.1 server successfully for the
> last couple of months.
> Today I decided to enable SSL.
>
>>> curl -k -v https://myserver:6984
>
> * About to connect() to myservert port 6984 (#0)
>
> *   Trying x.x.x.x... connected
>
> * Connected to myserver (x.x.x.x) port 6984 (#0)
>
> * Initializing NSS with certpath: sql:/etc/pki/nssdb
>
> * warning: ignoring value of ssl.verifyhost
>
> * NSS error -5938
>
> * Closing connection #0
>
> * SSL connect error
>
> curl: (35) SSL connect error
> The log files show the following:
>
> Wed, 12 Feb 2014 18:38:03 GMT] [error] [<0.65.0>] {error_report,<0.60.0>,
>
>                        {<0.65.0>,supervisor_report,
>
>                         [{supervisor,{local,ssl_connection_sup}},
>
>                          {errorContext,child_terminated},
>
>                          {reason,*ekeyfile*},
>
>                          {offender,
>
>                              [{pid,<0.492.0>},
>
>                               {name,undefined},
>
>
> {mfargs,{ssl_connection,start_link,undefined}},
>
>                               {restart_type,temporary},
>
>                               {shutdown,4000},
>
>                               {child_type,worker}]}]}}
>
> [Wed, 12 Feb 2014 18:38:03 GMT] [error] [<0.133.0>] {error_report,<0.30.0>,
>
>                                   {<0.133.0>,std_error,
>
>                                    [{application,mochiweb},
>
>                                     "Accept failed error",
>
>                                                               1115

Mime
View raw message