[
https://issues.apache.org/jira/browse/COUCHDB-2923?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15105795#comment-15105795
]
Paul Hammant commented on COUCHDB-2923:
---------------------------------------
As I've just updated in ERL-74, this was fixed by generating keys with openssl
1.0.2e (otherwise identical command). It could be that Erlang isn't compatible
for some reason with keys/certs made by 0.9.8zg.
This should be put in the wiki documentation for HTTPS of CouchDB. Maybe Couch
could catch the exception and warn the user that there's a cert problem that
might be rooted in incompatible keys/certs (that could be recreated from newer
openssl versions).
> Broken SSL in 1.6.1
> -------------------
>
> Key: COUCHDB-2923
> URL: https://issues.apache.org/jira/browse/COUCHDB-2923
> Project: CouchDB
> Issue Type: Bug
> Components: HTTP Interface
> Affects Versions: 1.6.1
> Reporter: Paul Hammant
>
> "Secure Connection Failed" as Firefox connects to https://127.0.0.1:6984/ is
> hard to debug. The console contains *no details* about why something was
> rejected (or even that a connection failed at all). However the log file
> does, driving me to believe that the root cause is in Erlang itself.
> http://bugs.erlang.org/browse/ERL-74 - "SSL crash"
> You can reproduce this via - a few of the prominent articles found via
> google: https://www.google.com/search?q=couchdb+ssl+setup. Yes, this is for a
> cert self-creation, but that should not matter.
> Apache CouchDB: 1.6.1
> Erlang: 18
> OpenSSL 0.9.8zg 14 July 2015
> OS X: 10.10.5
> Homebrew at b28ffb8a
> Users needing SSL with 1.6.1, who encounter this bug should decouple SSL from
> the couchDB process and use https://github.com/klaemo/docker-couchdb-ssl or
> https://github.com/marfarma/docker-couchdb-ssl-node (or something like that)
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
