[erlang-patches] SSL distribution fixes
Ingela Anderton Andin
Wed Jan 18 17:31:15 CET 2012
Paul Guyot wrote:
> On 16 Jan 2012, at 14:56, Ingela Anderton Andin wrote:
>>> This probably is what happens. The other bug I saw is that the client can timeout (using dist_utils:timer) while the proxy doesn't handle this.
>>> What is the rationale behind the use of the proxy? Isn't it related to the old implementation of SSL?
>> We want to avoid having a driver.
> Thank you for your replies.
> I still do not fully understand the way distribution over TLS works. I've just read in the (old) documentation that proto_dist requires a driver. Is this such a driver that you try to avoid? Is inet_ssl_dist using the same driver as inet_tcp_dist and hence requires a proxy? Is this why inet_tls_dist cannot use ssl:send/2 and ssl:recv/3 as f_recv and f_send handlers (lines 244 and 248)?
ssl:send/recv operates on ssl-sockets. ssl-sockets are not the same thing as the inet-sockets that will be used in the inet callback-functions in inet_tls_dist. New ssl is a pure Erlang application. This is sort of a problem, as when starting the Erlang distribution you are not able to start Erlang applications yet; this is solved by "cloning" the ssl-application and hanging it under the kernel application supervisor. Then all distribution messages are sent from erts to Erlang, handled by Erlang ssl, and sent back to erts, which knows nothing about the SSL/TLS-handshaking and TLS/SSL-decryption/encryption.
This is a short and simplified description, but hope it helps.
Regards Ingela Erlang/OTP team -Ericsson AB