[erlang-questions] erlang-questions] Inets and SSL

Ingela Anderton Andin ingela@REDACTED
Mon Feb 9 09:38:33 CET 2009

Hi !

Your are probably not doing anything dumb :)  This is a know bug that 
has been fixed
and will be part of the upcoming release.

The release note says:

Ssl did not work correctly with the use of new style configuration due 
to an old internal format that was not
changed correctly in all places.

So a workaround would be to use old-style apache-like configuration 
files. ( I know that is not very appealing ;))
or wait for R13 that is due in the end of Mars.

Regards Ingela Erlang/OTP - Ericsson

> Hi,
> I'm having difficulty getting ssl to work with inets httpd, and would be 
> very grateful for input/help on this one!
> The server starts fine, returns a pid. The port (443) is definitely open 
> and listening according to the OS net stats. However, a connection from 
> a browser just hangs with "connecting" (TIME_WAIT). It all just stays 
> that way unless I stop inets in which case the browser will immediately 
> report "page not available".
> Everything works fine for standard ip_comm. Also, if I move the pem 
> files, then inets won't start (so I'm sure it can "see" them). Also 
> these same cert/key pem files work fine if they are used for ssl with 
> Nginx, so I'm sure they are not corrupt. Finally, it seems to make no 
> difference at all if I have the "actual" erlang ssl application started 
> or not.
> Here's the bare bones startup in which I've been trying all variants I 
> can think of (including ssl's keyfile, certfile, 
> ssl_ca_certificate_file, etc etc).
> start_ssl() ->
>      inets:start(),
>      {ok, Pid} = inets:start(httpd, [
>          {port, 443},
>          {server_name,"localhost"},
>          {server_root,"./tmp"},
>          {document_root,"./tmp/htdocs"},
>          {bind_address, "localhost"},
>          {socket_type, ssl},
>          {ssl_verify_client, 0},
>          {ssl_certificate_file, "../ssl/cacert.pem"},
>          {ssl_certificate_key_file, "../ssl/cakey.pem"},
>          {modules, [my_mod, mod_head, mod_get]},
>          {mimetypes, [
>              {"css", "text/css"},
>              {"js", "text/javascript"},
>              {"html", "text/html"}
>          ]}
>      ]),
>      Pid.
> I'm probably doing something dumb, so any observations would be very 
> much appreciated!

More information about the erlang-questions mailing list