zmstone

> I tried your script. So first I want to inform you that `{'SubjectPublicKeyInfo' ...}` is not a valid input to public_key:pkix_verify/2 . You might argue that we could add...

Hi @IngelaAndin I'm afraid I'll need to provide the reproduce steps treating `ssl` lib as a blackbox. I have added private keys in this new upload: [test-cert-with-priv-key.tar.gz](https://github.com/user-attachments/files/19542087/test-cert-with-priv-key.tar.gz) You can find...

Hi @IngelaAndin I'm afraid I need to bother you more with this issue. Could you share the test code how you successfully verified the certs in the `bad` dir ?...

would be great if you can quickly run the same test I shared here: > I've spent some time to put together a TLS client/server code without any build dependency....

Hi @IngelaAndin Have you had a chance to test it?

Hi @IngelaAndin It fails if we add `{verify, verify_peer}` to the server's ssl options. ``` Erlang/OTP 28 [RELEASE CANDIDATE 2] [erts-16.0] [source] [64-bit] [smp:20:20] [ds:20:20:10] [async-threads:1] [jit:ns] Eshell V16.0 (press...

Thank you @IngelaAndin I tried to use RSASSA-PSS key for intermediate CA, but resulted in a different error: ``` 1> ssl:start(), {ok, L} = ssl:listen(9999, [ {certfile, "server.pem"}, {keyfile, "server.key"},...

Thank you @IngelaAndin Just a kind reminder that this issue still has a "not a bug" label. For my own education: The chain in my [previous example](https://github.com/erlang/otp/issues/9632#issuecomment-2787775634) is valid right?...

`data/patches` is in `/var/lib/emqx` when installed from DEB or RPM. but replacing the original files should work too. please make sure to restart the node after the files are replaced.

internal ref: [EMQX-13975](https://emqx.atlassian.net/browse/EMQX-13975) [EMQX-13975]: https://emqx.atlassian.net/browse/EMQX-13975?atlOrigin=eyJpIjoiNWRkNTljNzYxNjVmNDY3MDlhMDU5Y2ZhYzA5YTRkZjUiLCJwIjoiZ2l0aHViLWNvbS1KU1cifQ