[erlang-questions] ssl:peercert returns no_peercert on server, but works on client
Jan.Evangelista@REDACTED
Thu Nov 22 12:16:18 CET 2012
Hello Ingela!
> you have not
> specified that the server should verify the client {verify,
> verify_peer} , by default the server will
> not request a client certificate
Thanks for your reply, it helped! I can now retrieve the certificate and validate it when the client needs to enter a privileged role.
I had to work around a problem - when the client certificate is signed by a CA, the server crashes at SSL connection time. When the client
certificate is only self-signed everything seems to work right including ssl:peercert/1.
The server uses the following SSL options and the null verification fun from the SSL manual:
SslOptions = [{certfile, ?SSL_CERT_PATH}, {keyfile, ?SSL_KEY_PATH}, {verify, verify_peer}, {verify_fun, {verify_fun_none(), []}}],
The client uses the following SSL options:
SslOptions = [{certfile, ?SSL_LM_CLIENTCERT_PATH}, {keyfile, ?SSL_LM_CLIENTKEY_PATH}],
The crash looks as follows:
=ERROR REPORT==== 22-Nov-2012::11:14:33 ===
** State machine <0.1813.0> terminating
** Last message in was {tcp,#Port<0.7011>,<<...>>}
** When State == certify
** Data == {state,server,
{#Ref<0.0.0.8307>,<0.1801.0>},
gen_tcp,tcp,tcp_closed,tcp_error,"localhost",8045,
#Port<0.7011>,
{ssl_options,[],verify_peer,
{#Fun<command_processor.0.26526889>,[]},
false,false,undefined,1,"../cert/server.crt",
undefined,"../cert/server.key",undefined,undefined,
undefined,[],undefined,undefined,
...}
** Reason for termination =
** {decrypt_failed,[{crypto,rsa_public_decrypt,
[<<...>>,
[<<...>>,<<...>>],
rsa_pkcs1_padding]},
{ssl_handshake,certificate_verify,5},
{ssl_connection,cipher,2},
{ssl_connection,next_state,3},
{ssl_connection,certify,2},
{ssl_connection,next_state,3},
{gen_fsm,handle_msg,7},
{proc_lib,init_p_do_apply,3}]}
I am attaching the Makefile which generates the certificates/keys using OpenSSL:
# Generation of license manager certificates.
$(LM_CERT_DIR)/Cooking-service-ca.crt:
	openssl genrsa -out $(LM_CERT_DIR)/Cooking-service-ca.key 2048
	openssl req -subj '/C=CZ/O=Cooking Service Development/OU=Certificate Authority/CN=Cooking-service-ca.com' -new -key $(LM_CERT_DIR)/Cooking-service-ca.key \
		-out $(LM_CERT_DIR)/Cooking-service-ca.csr
	openssl x509 -req -days 1825 -in $(LM_CERT_DIR)/Cooking-service-ca.csr -signkey $(LM_CERT_DIR)/Cooking-service-ca.key -out $(LM_CERT_DIR)/Cooking-service-ca.crt

$(LM_CERT_DIR)/Manager-client.key:
	openssl genrsa -out $(LM_CERT_DIR)/Manager-client.key 2048

# Erlang SSL_LM_CLIENTCERT_PATH = Manager-client.crt
$(LM_CERT_DIR)/Manager-client.crt: $(LM_CERT_DIR)/Manager-client.key $(LM_CERT_DIR)/Cooking-service-ca.crt
	openssl req -subj '/C=CZ/O=Soemsatu Cabu/OU=ICT/CN=ict.com' -new -key $(LM_CERT_DIR)/Manager-client.key -out $(LM_CERT_DIR)/Manager-client.csr
	openssl x509 -req -days 1825 -in $(LM_CERT_DIR)/Manager-client.csr -signkey $(LM_CERT_DIR)/Manager-client.key -out $(LM_CERT_DIR)/Manager-client-tmp.crt
	openssl x509 -days 1825 -in $(LM_CERT_DIR)/Manager-client-tmp.crt -signkey $(LM_CERT_DIR)/Cooking-service-ca.key -out $(LM_CERT_DIR)/Manager-client.crt
	rm -f $(LM_CERT_DIR)/Manager-client-tmp.crt
---------- Original message ----------
From: Ingela Andin
Date: 21. 11. 2012
Subject: Re: [erlang-questions] ssl:peercert returns no_peercert on server, but works on client
Hello!
2012/11/20, Jan.Evangelista@REDACTED :
> Hello.
>
> I am writing a client-server application which communicates over SSL.
>
> When the SSL connection is successfully established, the server attempts to
> retrieve the client certificate with ssl:peercert/1 - but on server the
> function always returns no_peercert error. The client gives PEM certificate
> and key paths when it requests connection upgrade to SSL:
>
> SslOptions = [{cacertfile, ?SSL_CACERT_PATH}, {certfile,
> ?SSL_CERT_PATH}, {keyfile, ?SSL_KEY_PATH}],
> SslConnectResult = ssl:connect(Socket, SslOptions),
> ?assertMatch({ok, _}, SslConnectResult),
> ....
>
> In an attempt to find what is wrong, I tried to reverse the client and
> server roles - and the peer certificate can be retrieved successfully on
> client. In this case the connection is upgraded to SSL with exactly the same
> SslOptions on server. The peer certificate can be retrieved successfully on
> client:
> ...
> ?assertMatch({ok, _}, ssl:peercert(SslSocket)),
>
> and the server code contains basically
>
> SslOptions = [{cacertfile, ?SSL_CACERT_PATH}, {certfile,
> ?SSL_CERT_PATH}, {keyfile, ?SSL_KEY_PATH}],
> {ok, SslSocket} = ssl:ssl_accept(Socket, SslOptions, infinity),
> ...
>
> Is the failing ssl:peercert/1 on server a bug/missing implementation, or am
> I missing something? The Erlang distribution is R14B04.
>
> Thanks, Jan
Well we have a reported issue that is similar to what you describe,
but we have not been able to reproduce it yet. However in your case
it probably depends on that you have not
specified that the server should verify the client {verify,
verify_peer}, by default the server will
not request a client certificate.
Regards Ingela Erlang/OTP team - Ericsson AB
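
A check on the Makefile's client-certificate steps, added here as an example and not part of the original thread. In OpenSSL, `x509 -signkey` self-signs the certificate and places the signing key's public key in it, so the script compares that result with a certificate issued through `-CA`/`-CAkey`; a certificate whose public key does not belong to the client's private key cannot pass the handshake's CertificateVerify check. All file names and subjects are constructed for the demo.

```shell
#!/bin/sh
# Added example; ca.*, client.* and the subjects are constructed names.

# Succeeds only if the certificate carries the public key of the private key.
key_matches_cert() {            # $1 = private key, $2 = certificate
    from_key=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    from_crt=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ "$from_key" = "$from_crt" ]
}

# Succeeds only if the certificate chains to the given CA certificate.
chains_to_ca() {                # $1 = CA certificate, $2 = certificate
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

make_certs() {                  # $1 = empty working directory
    d=$1
    openssl genrsa -out "$d/ca.key" 2048 2>/dev/null
    openssl req -new -x509 -days 30 -key "$d/ca.key" \
        -subj '/CN=Demo CA' -out "$d/ca.crt" 2>/dev/null
    openssl genrsa -out "$d/client.key" 2048 2>/dev/null
    openssl req -new -key "$d/client.key" \
        -subj '/CN=demo-client' -out "$d/client.csr" 2>/dev/null

    # The two signing steps as written in the Makefile: self-sign with the
    # client key, then run the result through -signkey with the CA key.
    openssl x509 -req -days 30 -in "$d/client.csr" \
        -signkey "$d/client.key" -out "$d/tmp.crt" 2>/dev/null
    openssl x509 -days 30 -in "$d/tmp.crt" \
        -signkey "$d/ca.key" -out "$d/client-signkey.crt" 2>/dev/null

    # Issuing the same request from the CA instead.
    openssl x509 -req -days 30 -in "$d/client.csr" \
        -CA "$d/ca.crt" -CAkey "$d/ca.key" -CAcreateserial \
        -out "$d/client-issued.crt" 2>/dev/null
}

# Prints whether a certificate matches client.key and chains to ca.crt.
describe() {                    # $1 = working directory, $2 = certificate
    if key_matches_cert "$1/client.key" "$2"; then k=yes; else k=no; fi
    if chains_to_ca "$1/ca.crt" "$2"; then c=yes; else c=no; fi
    echo "key-match=$k chains-to-ca=$c"
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
make_certs "$work"
echo "-signkey with CA key: $(describe "$work" "$work/client-signkey.crt")"
echo "-CA/-CAkey issuance:  $(describe "$work" "$work/client-issued.crt")"
```

Running `key_matches_cert` against the files a build actually produced, before handing them to the `certfile` and `keyfile` options, catches the mismatch without a TLS handshake.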