[erlang-questions] How: SSL for distribution in R11B-5?
Tue Nov 6 22:56:34 CET 2007
On Nov 6, 2007 3:19 PM, Michael Regen <> wrote:
> Got lots of problems when trying to use SSL as distribution protocol
> for Erlang R11B-5. At the end I either get a crash dump or a pang. I
> am not very experienced with SSL and I'd really appreciate if someone
> here can help!
> Currently I am stuck at this point: Everything starts fine but as soon
> as I want to ping the second node I get a pang.
> If I issue a openssl s_client -connect localhost:56047 -showcerts
> I get the following output (... means lines omitted):
> verify error:num=18:self signed certificate
> No client certificate CA names sent
> SSL handshake has read 950 bytes and written 316 bytes
> New, TLSv1/SSLv3, Cipher is AES256-SHA
> Server public key is 1024 bit
> Compression: NONE
> Expansion: NONE
> Protocol : TLSv1
> Cipher : AES256-SHA
> Key-Arg : None
> Start Time: 1194383094
> Timeout : 300 (sec)
> Verify return code: 18 (self signed certificate)
> Does that mean I made something wrong with the certificates? Just for
> now I don't need anything else than self signed certificates.
> What I did so far
> Unfortunately the Erlang user guide for SSL distribution is not easy
> to understand and seems to miss some points. The explanation how a
> certificate should be created does not really work. Whatever
> certificate I try in the SSL examples folder ends with a crash dump.
> Same for certificates built with the make_certs.erl program.
> The tutorial 'Distributed erlang using ssl through firewalls' on
> trapexit also leaves out this point.
> This posting here is the only reference I could find which told me how
> the certificate should look like:
> Ah, certificate and key need to be in one file. At the end I followed
> this guide to create my certificate:
> I also patched ssl_prim.erl following
> If I don't patch it, openssl s_client stops after the line
> Nevertheless netstat --tcp -n still shows me some bytes hanging in the
> Recv-Q of the Erlang server.
> Bruce is also right when saying that setting ERL_SSL_DEBUG stops erts
> from starting up:
> So for now I am stuck since I don't know what options I have left.
> Anyone here who can help? Thanks in advance!
It seems ssl distribution is broken in R11B-5
See these messages for more
> erlang-questions mailing list
More information about the erlang-questions