Unknown CA error

Hello.
I’m using elixir-google-api for storing images in Google Cloud Storage.
I use goth for authentication of GCP.

Goth works in my development environment, but it does not work in a Docker container.

** (MatchError) no match of right hand side value: {:error, %HTTPoison.Error{id: nil, reason: {:tls_alert, {:unknown_ca, 'TLS client: In state wait_cert_cr at ssl_handshake.erl:1895 generated CLIENT ALERT: Fatal - Unknown CA\n'}}}}

The error occurs in this function.

{:ok, token} = Goth.Token.for_scope("https://www.googleapis.com/auth/cloud-platform")

Do you have any hints?

Unknown CA error in Goth · Issue #99 · peburrows/goth · GitHub

At risk of providing hasty advice, I recently encountered this problem in the Papercups project. I fixed it by bumping Hackney. Hackney had a problem on macOS that was fixed recently. I hope that helps and doesn’t send you down the wrong path.

2 Likes

Thank you for answering!
What did you do with Hackney?

Sorry, what I meant was that I raised the Hackney version in my mix.exs to the latest version.

I’ll try it! thanks!

Hello.
The error is no longer raised by goth, but a new error appeared…

map: %{
  "reason" => %HTTPoison.Error{
    id: nil,
    reason: {:tls_alert,
     {:unknown_ca,
      'TLS client: In state wait_cert_cr at ssl_handshake.erl:1895 generated CLIENT ALERT: Fatal - Unknown CA\n'}}
  },
  "result" => false
}

Does anyone know of this error?

I had to add TLS options:

[ssl: [versions: [:"tlsv1.2"]]]

Ref. ex_azure_storage/http_client.ex at master · csokun/ex_azure_storage · GitHub

1 Like

Hello, I had the same issue, and it is a Hackney error with the certificates it uses.

The fix:
mix deps.update certifi

4 Likes

Are you sure you’ve not erased all other default ssl options, making it vulnerable? See also: Setting versions per example disables ssl validation · Issue #381 · edgurgel/httpoison · GitHub

3 Likes

Was having the same issue, this resolved it - thanks!

2 Likes
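
Added example, not code from any poster in this thread or from the HTTPoison, hackney or goth projects: it relates to the `[ssl: [versions: [:"tlsv1.2"]]]` reply and the follow-up question about erased default ssl options. It shows the version pin alongside a list that states peer verification explicitly, plus a small audit helper. The module and function names (`TlsOpts`, `versions_only`, `verified`, `audit`) are hypothetical, and it assumes the `certifi` package is available as a dependency.

```elixir
defmodule TlsOpts do
  # Added example: names here are hypothetical, not part of HTTPoison,
  # hackney or goth.

  # The list from the reply above: only the protocol version is pinned.
  def versions_only, do: [versions: [:"tlsv1.2"]]

  # Same version pin, with peer verification stated explicitly so it does not
  # depend on defaults the HTTP client would otherwise have supplied.
  def verified do
    [
      versions: [:"tlsv1.2"],
      verify: :verify_peer,
      # CA bundle from the certifi package (refreshed by `mix deps.update certifi`)
      cacertfile: :certifi.cacertfile(),
      depth: 3,
      # Match wildcard certificates using the HTTPS hostname rules
      customize_hostname_check: [
        match_fun: :public_key.pkix_verify_hostname_match_fun(:https)
      ]
    ]
  end

  # Returns :ok, or {:error, problems} describing what the keyword list lacks.
  def audit(opts) do
    has_ca? = Enum.any?([:cacertfile, :cacerts], &Keyword.has_key?(opts, &1))

    problems =
      []
      |> add(Keyword.get(opts, :verify) != :verify_peer, "verify is not :verify_peer")
      |> add(not has_ca?, "no CA bundle (cacertfile or cacerts)")

    if problems == [], do: :ok, else: {:error, Enum.reverse(problems)}
  end

  defp add(list, true, msg), do: [msg | list]
  defp add(list, false, _msg), do: list
end

# Audit both option lists; neither call touches the network.
IO.inspect(TlsOpts.audit(TlsOpts.versions_only()), label: "versions only")
IO.inspect(TlsOpts.audit(TlsOpts.verified()), label: "verified")

# Usage with HTTPoison (url is a placeholder):
#   HTTPoison.get(url, [], ssl: TlsOpts.verified())
```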