[erlang-questions] ssl:peercert returns no_peercert on server, but works on client

Jan.Evangelista <>
Thu Nov 22 12:16:18 CET 2012


Hello Ingela!

> you have not
> specified that the server should verify the client {verify,
> verify_peer} , by default the server will
> not  request a client certificate

Thanks for your reply, it helped! I can now retrieve the certificate and validate it when the client needs to enter a privileged role.

I had to work around a problem - when the client certificate is signed by a CA, the server crashes at SSL connection time. When the client
certificate is only self-signed everything seems to work right including ssl:peercert/1.

The server uses the following SSL options and the nul verification fun fron the SSL manual:

    SslOptions = [{certfile, ?SSL_CERT_PATH}, {keyfile, ?SSL_KEY_PATH}, {verify, verify_peer}, {verify_fun, {verify_fun_none(), []}}],

The client uses following SSL options:

    SslOptions = [{certfile, ?SSL_LM_CLIENTCERT_PATH}, {keyfile, ?SSL_LM_CLIENTKEY_PATH}],     

The crash looks as follows:

=ERROR REPORT==== 22-Nov-2012::11:14:33 ===
** State machine <0.1813.0> terminating 
** Last message in was {tcp,#Port<0.7011>,
                            <<22,3,1,0,134,16,0,0,130,0,128,124,165,185,225,
                              252,236,46,20,10,57,92,171,44,24,67,237,105,105,
                              128,153,53,52,65,236,144,79,246,189,81,211,105,
                              88,87,179,197,9,197,132,36,31,157,38,240,241,76,
                              214,15,188,32,114,131,114,197,104,78,246,89,142,
                              110,183,91,237,202,20,29,182,215,97,199,75,199,
                              86,132,197,29,141,105,6,51,167,226,66,140,11,62,
                              67,79,41,72,103,243,214,47,27,97,176,109,211,15,
                              192,44,112,127,12,169,78,43,238,119,86,164,119,
                              235,122,165,209,66,162,67,173,146,105,53,161,79,
                              183,91,94,22,3,1,1,6,15,0,1,2,1,0,86,79,97,119,
                              56,220,212,141,121,171,170,45,99,158,180,65,155,
                              20,158,110,113,113,205,252,0,175,202,212,69,250,
                              27,118,17,89,131,102,246,150,72,74,115,26,88,
                              155,52,193,129,163,57,97,69,40,47,216,77,120,59,
                              73,214,173,46,24,203,163,109,116,172,240,129,40,
                              245,230,84,7,159,230,152,230,36,205,202,234,29,
                              112,180,231,160,46,98,96,88,177,133,184,13,64,
                              25,48,209,188,28,118,125,14,8,183,220,40,146,11,
                              129,37,29,242,175,117,238,84,105,81,222,97,253,
                              29,199,106,161,91,229,86,118,121,76,223,9,82,
                              229,222,144,242,18,65,15,104,222,218,238,207,
                              154,43,36,22,28,223,32,79,18,163,141,43,34,33,
                              141,55,126,216,34,213,0,88,132,249,70,199,94,9,
                              22,201,100,153,222,54,196,13,138,254,175,18,94,
                              5,81,36,49,239,200,164,3,35,227,215,180,129,206,
                              9,231,115,68,246,85,247,189,90,107,57,31,76,117,
                              158,41,167,185,217,186,39,171,4,182,91,66,171,
                              123,32,129,175,90,243,217,41,18,16,80,217,104,
                              104,98,184,34,233,98,98,157,190,14,136,137,128,
                              20,3,1,0,1,1,22,3,1,0,48,236,59,196,85,219,154,
                              221,159,242,33,94,39,156,30,135,226,130,11,229,
                              89,17,239,94,183,150,153,48,119,185,238,182,42,
                              98,81,64,172,239,201,40,122,109,54,11,64,208,
                              244,135,97>>}
** When State == certify
**      Data  == {state,server,
                     {#Ref<0.0.0.8307>,<0.1801.0>},
                     gen_tcp,tcp,tcp_closed,tcp_error,"localhost",8045,
                     #Port<0.7011>,
                     {ssl_options,[],verify_peer,
                         {#Fun<command_processor.0.26526889>,[]},
                         false,false,undefined,1,"../cert/server.crt",
                         undefined,"../cert/server.key",undefined,undefined,
                         undefined,[],undefined,undefined,
                         [<<0,57>>,
                          <<0,56>>,
                          <<0,53>>,
                          <<0,22>>,
                          <<0,19>>,
                          <<0,10>>,
                          <<0,51>>,
                          <<0,50>>,
                          <<0,47>>,
                          <<0,5>>,
                          <<0,4>>,
                          <<0,21>>,
                          <<0,9>>],
                         #Fun<ssl.0.123982462>,true,18446744073709551900,
                         false,[],undefined},
                     {socket_options,list,line,0,0,false},
                     {connection_states,
                         {connection_state,
                             {security_parameters,
                                 <<0,0>>,
                                 0,0,0,0,0,0,0,0,0,0,undefined,undefined,
                                 undefined,undefined},
                             undefined,undefined,undefined,2,true,undefined,
                             undefined},
                         {connection_state,
                             {security_parameters,
                                 <<0,57>>,
                                 0,7,1,16,256,32,unknown,2,20,0,undefined,
                                 <<80,173,251,9,182,167,195,207,85,233,230,8,
                                   168,220,102,65,112,98,206,125,25,138,109,69,
                                   19,203,42,127,243,91,89,209>>,
                                 <<80,173,251,9,181,195,163,185,49,240,227,167,
                                   126,49,159,95,118,198,197,199,80,109,167,
                                   144,126,133,243,15,58,35,163,41>>,
                                 undefined},
                             undefined,undefined,undefined,undefined,true,
                             undefined,undefined},
                         {connection_state,
                             {security_parameters,
                                 <<0,0>>,
                                 0,0,0,0,0,0,0,0,0,0,undefined,undefined,
                                 undefined,undefined},
                             undefined,undefined,undefined,5,true,undefined,
                             undefined},
                         {connection_state,
                             {security_parameters,
                                 <<0,57>>,
                                 0,7,1,16,256,32,unknown,2,20,0,undefined,
                                 <<80,173,251,9,182,167,195,207,85,233,230,8,
                                   168,220,102,65,112,98,206,125,25,138,109,69,
                                   19,203,42,127,243,91,89,209>>,
                                 <<80,173,251,9,181,195,163,185,49,240,227,167,
                                   126,49,159,95,118,198,197,199,80,109,167,
                                   144,126,133,243,15,58,35,163,41>>,
                                 undefined},
                             undefined,undefined,undefined,undefined,true,
                             undefined,undefined}},
                     [],<<>>,<<>>,
                     {{<<74,235,27,194,251,55,161,227,190,40,7,141,30,30,195,
                         73,80,72,0,0,0,0,0,0,141,253,46,225,175,139,230,151,
                         57,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
                         0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
                         0,0,0,10,0,0,0>>,
                       <<124,237,16,106,151,175,31,162,73,226,133,96,82,170,
                         172,146,62,65,50,112,80,72,0,0,0,0,0,0,141,253,46,
                         225,175,139,230,151,57,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
                         0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
                         0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0>>},
                      {<<254,34,90,191,186,108,88,132,227,38,96,111,102,221,16,
                         176,176,47,0,0,0,0,0,0,194,101,158,183,125,65,112,84,
                         154,138,247,42,54,110,227,200,226,77,200,16,226,112,
                         64,93,223,163,2,160,174,68,70,242,182,160,122,43,217,
                         29,58,168,255,227,13,0,0,4,1,1,0,0,14,0,0,0,0,0,0,0,0,
                         0,0,0,0,0,54,0,0,0>>,
                       <<58,140,204,97,184,192,94,67,73,81,149,252,253,209,
                         248,42,177,107,91,42,176,47,0,0,0,0,0,0,194,101,158,
                         183,125,65,112,84,154,138,247,42,54,110,227,200,226,
                         77,200,16,226,112,64,93,223,163,2,160,174,68,70,242,
                         182,160,122,43,217,29,58,168,255,227,13,0,0,4,1,1,0,
                         0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,54,0,0,0>>}},
                     [],282641,
                     {session,
                         <<40,81,21,171,116,215,2,75,239,85,93,101,222,58,221,
                           16,169,9,131,231,253,81,71,239,191,101,119,219,34,
                           105,114,1>>,
                         <<48,130,3,6,48,130,1,238,2,9,0,144,207,233,174,127,
                           216,70,81,48,13,6,9,42,134,72,134,247,13,1,1,5,5,0,
                           48,69,49,11,48,9,6,3,85,4,6,19,2,67,90,49,22,48,20,
                           6,3,85,4,10,12,13,83,111,101,109,115,97,116,117,32,
                           67,97,98,117,49,12,48,10,6,3,85,4,11,12,3,73,67,84,
                           49,16,48,14,6,3,85,4,3,12,7,105,99,116,46,99,111,
                           109,48,30,23,13,49,50,49,49,50,50,49,48,49,52,49,55,
                           90,23,13,49,55,49,49,50,49,49,48,49,52,49,55,90,48,
                           69,49,11,48,9,6,3,85,4,6,19,2,67,90,49,22,48,20,6,3,
                           85,4,10,12,13,83,111,101,109,115,97,116,117,32,67,
                           97,98,117,49,12,48,10,6,3,85,4,11,12,3,73,67,84,49,
                           16,48,14,6,3,85,4,3,12,7,105,99,116,46,99,111,109,
                           48,130,1,34,48,13,6,9,42,134,72,134,247,13,1,1,1,5,
                           0,3,130,1,15,0,48,130,1,10,2,130,1,1,0,190,0,28,89,
                           0,189,127,83,155,81,235,193,186,105,224,229,114,20,
                           147,7,203,135,145,175,179,74,115,137,217,179,46,49,
                           33,83,30,86,32,155,97,177,70,12,87,5,33,124,3,131,
                           208,19,118,215,95,145,193,207,211,149,0,158,20,3,
                           133,178,174,238,7,147,205,225,11,50,58,113,4,187,
                           200,107,194,118,228,153,119,142,202,212,232,111,238,
                           143,149,0,240,149,144,31,155,235,119,242,167,31,204,
                           20,13,173,83,39,18,200,244,150,207,229,103,83,58,
                           216,250,208,252,232,175,56,73,248,44,55,38,176,9,
                           123,154,211,195,62,97,197,194,234,18,186,40,237,125,
                           123,63,242,164,23,146,164,198,225,0,94,178,101,232,
                           183,87,153,207,90,128,63,109,177,132,144,205,127,41,
                           152,134,149,79,59,224,25,165,83,178,126,96,220,209,
                           53,165,13,126,95,193,235,94,92,31,201,65,68,116,232,
                           5,42,84,173,157,4,255,232,77,52,164,103,201,255,162,
                           250,59,47,45,164,81,61,234,176,62,195,186,173,243,
                           27,172,129,174,40,187,164,7,169,184,96,68,31,244,
                           150,24,140,5,247,39,14,70,200,149,63,2,3,1,0,1,48,
                           13,6,9,42,134,72,134,247,13,1,1,5,5,0,3,130,1,1,0,
                           95,48,235,37,237,45,7,232,113,142,18,0,146,119,212,
                           239,43,122,106,160,11,238,184,163,22,75,111,96,224,
                           116,174,142,137,245,152,220,76,169,91,137,205,60,47,
                           35,144,44,252,197,149,211,209,121,242,142,122,62,35,
                           219,37,230,226,96,249,121,68,16,156,28,79,92,174,
                           101,210,57,156,142,31,129,133,111,65,211,82,16,162,
                           250,88,35,66,67,62,160,73,110,206,248,0,88,149,217,
                           191,73,198,117,59,154,45,98,15,156,120,161,84,206,
                           43,95,242,200,197,1,200,152,131,135,103,253,194,147,
                           184,115,50,153,45,109,165,189,147,143,194,55,53,12,
                           52,27,166,133,81,220,200,95,201,0,224,66,152,210,9,
                           206,187,117,137,123,231,110,173,63,140,33,218,91,
                           222,194,37,220,146,190,252,10,137,153,167,212,35,77,
                           107,147,118,84,189,187,130,130,71,245,49,67,101,165,
                           235,226,224,210,221,240,237,193,53,125,149,159,50,
                           249,194,176,97,76,224,35,41,249,121,147,23,72,47,
                           104,178,59,134,201,135,119,189,144,209,144,63,169,
                           95,86,78,104,79,44,150,79,141,253,46,225,175,139,
                           230,151,57,6>>,
                         <<48,130,3,54,48,130,2,30,2,9,0,140,204,151,61,246,
                           240,165,67,48,13,6,9,42,134,72,134,247,13,1,1,5,5,0,
                           48,93,49,11,48,9,6,3,85,4,6,19,2,67,90,49,39,48,37,
                           6,3,85,4,10,19,30,82,101,112,117,116,97,116,105,111,
                           110,32,83,101,114,118,105,99,101,32,68,101,118,101,
                           108,111,112,109,101,110,116,49,37,48,35,6,3,85,4,3,
                           19,28,114,101,112,117,116,97,116,105,111,110,45,115,
                           101,114,118,105,99,101,46,107,101,114,105,111,46,99,
                           111,109,48,30,23,13,49,50,48,52,48,51,49,53,50,51,
                           50,55,90,23,13,49,55,48,52,48,50,49,53,50,51,50,55,
                           90,48,93,49,11,48,9,6,3,85,4,6,19,2,67,90,49,39,48,
                           37,6,3,85,4,10,19,30,82,101,112,117,116,97,116,105,
                           111,110,32,83,101,114,118,105,99,101,32,68,101,118,
                           101,108,111,112,109,101,110,116,49,37,48,35,6,3,85,
                           4,3,19,28,114,101,112,117,116,97,116,105,111,110,45,
                           115,101,114,118,105,99,101,46,107,101,114,105,111,
                           46,99,111,109,48,130,1,34,48,13,6,9,42,134,72,134,
                           247,13,1,1,1,5,0,3,130,1,15,0,48,130,1,10,2,130,1,1,
                           0,192,14,209,47,35,12,52,111,245,93,138,117,89,37,
                           130,184,25,108,243,65,169,208,204,66,122,25,192,194,
                           226,86,105,37,222,108,131,213,4,139,199,248,161,59,
                           13,46,125,207,2,199,57,238,131,38,248,28,139,159,
                           211,81,31,186,202,57,81,143,111,8,122,164,73,41,11,
                           141,15,83,3,9,25,95,113,95,196,37,150,2,121,248,182,
                           104,215,240,24,222,66,173,79,125,100,36,187,231,69,
                           248,20,181,125,39,202,203,193,164,129,95,249,43,99,
                           3,37,85,200,139,131,12,248,253,89,41,91,142,220,183,
                           106,47,88,173,175,69,210,89,209,146,97,163,84,153,
                           107,141,220,76,26,223,247,133,189,234,31,107,176,
                           129,188,57,164,200,21,91,97,77,105,97,223,236,67,
                           253,16,128,222,157,234,177,180,47,21,85,131,170,177,
                           28,238,121,144,92,162,226,2,173,143,181,212,6,172,
                           148,162,33,100,151,2,91,48,114,135,239,237,111,36,
                           236,7,8,41,143,3,117,25,15,207,2,79,77,6,126,34,43,
                           249,147,215,252,97,30,188,15,208,245,195,111,180,
                           103,104,175,210,13,226,147,46,156,176,119,146,105,2,
                           3,1,0,1,48,13,6,9,42,134,72,134,247,13,1,1,5,5,0,3,
                           130,1,1,0,74,14,242,251,17,1,83,137,202,112,234,245,
                           203,168,159,226,56,164,149,123,50,233,229,88,0,156,
                           11,0,45,18,250,63,199,38,58,241,62,147,201,162,36,
                           231,92,72,211,94,244,14,11,205,254,48,95,14,76,204,
                           149,242,115,80,59,217,248,183,21,114,70,30,51,191,
                           147,204,247,234,160,80,38,41,119,75,46,227,250,35,
                           33,24,99,49,182,20,50,255,75,63,209,134,204,68,215,
                           163,240,89,103,251,242,184,232,33,106,248,81,70,132,
                           164,142,166,20,112,248,14,66,234,151,21,243,179,22,
                           144,184,243,240,150,203,228,207,165,155,6,46,157,
                           227,41,184,122,191,228,99,176,126,245,254,120,84,
                           159,214,194,167,141,102,73,31,112,183,166,246,102,
                           66,48,241,174,52,201,190,31,63,109,171,247,83,147,
                           42,253,196,217,208,128,223,199,226,123,176,180,70,
                           228,147,208,5,23,182,3,94,114,39,21,150,31,129,137,
                           92,132,177,71,128,126,44,184,106,224,119,159,219,
                           192,239,100,163,0,58,205,242,221,178,117,27,149,189,
                           12,240,147,217,61,4,234,76,231,132,117,189,32,209,
                           115,85,22,18,239,192,240>>,
                         0,
                         <<0,57>>,
                         undefined,false,undefined},
                     294932,ssl_session_cache,
                     {3,1},
                     undefined,false,dhe_rsa,
                     {{1,2,840,113549,1,1,1},
                      {'RSAPublicKey',
                          23985332548066223260322774259983152247797545948725977981875025710391659706585537937762959847062338790405599724727995315638420544358206480001280868527351317937548968876345931793589896941602423200065683725877315198229678655238870730302517002323138774678006366072941089637364098826231863208669397304033591358850613302169833622263116162988138227035449809879884230462587875848694948534737421208621472209080883099703159964364087058652885206739036200595109009813390823243309991477889022926642506234188064656504587631372428472973627488535282906583541347813283001630133822872906001289445314889618418076221729617745551234209087,
                          65537},
                      'NULL'},
                     {'RSAPrivateKey','two-prime',
                         24245061150388932126267388211561744501091175463407888595224551795663243174179988206545263128427895384819161106685261774299926886043886449727365149760320167454881950274766434421391227835510145242902399427836428837752665263535539327909106678269499287402480269087683223401095638029356908814821392014964348552872878386913883155024136808504734817452104655112897489194364101268365556518013584741158156036753091620252122206747573951286458946943600837100506515889843196447909183388855876119846269544345680287986326246932374547999824620904250547635320124126286130214850019238265403675412304909021441994637469225051132486193769,
                         65537,
                         17328576366714496692349218475330937854580034940285470950591470934901841303717973474263189804212750777733407470562344122709047946491015536135000243830556128046052236642207219658092169355373769219262268513958316114396029626154205985299761446462633567621642404814626392226234352822575140238263100590093306842930006045435892856121601423729512197996242068235270905851036153226021734054606688010693704177209978560595698319274376708915898529303563327262255759966796798795075686111639483078123875727747288297150915376929152726694642421456339054268945476553274267673852919202129038846069271873486039976781207205533522013452901,
                         175370494815195674207106911731501626457371590465889564240336423322818657338712687959781189374639152154813531306121219213930531469102050716841885921299604376592875157055568786704961285756158968740499753148009889247438281864458144963953290691240618002674486253789360979786944138116053414853181637891019175023947,
                         138250514580221862655892174736393256109561741620998730071324163294133331805750724515526687394456291120722335476788733177943715853063937025485775099007036433458977246157028955416570452620946072552127788423550793775405053948011855722670612242672683268700825660765387097861823041722523099578698965460097679657627,
                         142026097972310688682979178892246827377686719495362230673056380430625800035239858799660442303559022228189923060312340067421103929903114940371087128780655231274599719790063153991676842131832299691331078598101421818164307921296069428060253852454141036512977896548882667244027756452807590319170371129342718366281,
                         65422024332459841410915727224312434986737847214429003703281753455925004490467174563987200454159832713230111084450752735822031215207773913535717886773963118709481076873642964956194202467818187406490060612777221529161190443408939706229819758029936161438862111743243512305853456718199015628335001843447355527747,
                         96692327788712893502227594737656137616777825297927354007039082535604854560178523094918225407406512660518516707411647582424617277816228673283401730456439499912365000393053010166088811818218189984574138829734660366829219694139224814835276610527380177578913321283217512483858915039007177988094558316513780160433,
                         asn1_NOVALUE},
                     {'DHParameter',
                         179769313486231590770839156793787453197860296048756011706444423684197180216158519368947833795864925541502180565485980503646440548199239100050792877003355816639229553136239076508735759914822574862575007425302077447712589550957937778424442426617334727629299387668709205606050270810842907692932019128194467627007,
                         2,asn1_NOVALUE},
                     {<<0,0,0,128,42,92,72,253,178,119,231,149,208,224,184,195,
                        2,12,214,157,94,48,216,139,94,54,195,90,237,248,61,35,
                        73,227,11,233,89,182,207,43,216,239,223,47,78,186,249,
                        223,191,42,199,139,246,10,26,246,64,161,131,210,59,8,
                        207,143,77,241,200,231,165,114,131,173,49,12,174,86,
                        243,21,240,218,153,61,142,225,144,44,97,205,94,146,14,
                        123,173,160,147,174,179,19,134,160,75,147,215,243,34,
                        67,171,218,101,134,50,112,3,248,40,18,46,190,50,53,69,
                        80,243,194,54,162,75,122,225,69,191,217>>,
                      <<0,0,0,128,108,57,203,135,98,244,98,181,102,201,31,96,
                        95,187,67,232,64,61,39,6,38,213,166,214,127,108,94,
                        230,39,199,145,16,194,86,68,250,69,141,221,241,87,166,
                        81,101,78,204,176,32,74,30,152,23,114,104,225,230,194,
                        189,126,121,214,84,227,4,147,94,63,105,129,185,189,
                        175,250,36,16,110,165,122,184,49,73,89,226,148,192,79,
                        96,248,191,190,116,209,246,242,56,130,10,65,97,89,221,
                        234,85,120,34,240,170,224,133,195,255,196,58,212,96,
                        233,34,160,182,220,123,171,219,109,43,188,240,120>>},
                     undefined,#Ref<0.0.0.8310>,
                     {<0.1801.0>,#Ref<0.0.0.8318>},
                     0,<<>>,true,
                     {false,first},
                     false,
                     {[],[]},
                     false}
** Reason for termination = 
** {decrypt_failed,[{crypto,rsa_public_decrypt,
                            [<<86,79,97,119,56,220,212,141,121,171,170,45,99,
                               158,180,65,155,20,158,110,113,113,205,252,0,175,
                               202,212,69,250,27,118,17,89,131,102,246,150,72,
                               74,115,26,88,155,52,193,129,163,57,97,69,40,47,
                               216,77,120,59,73,214,173,46,24,203,163,109,116,
                               172,240,129,40,245,230,84,7,159,230,152,230,36,
                               205,202,234,29,112,180,231,160,46,98,96,88,177,
                               133,184,13,64,25,48,209,188,28,118,125,14,8,183,
                               220,40,146,11,129,37,29,242,175,117,238,84,105,
                               81,222,97,253,29,199,106,161,91,229,86,118,121,
                               76,223,9,82,229,222,144,242,18,65,15,104,222,
                               218,238,207,154,43,36,22,28,223,32,79,18,163,
                               141,43,34,33,141,55,126,216,34,213,0,88,132,249,
                               70,199,94,9,22,201,100,153,222,54,196,13,138,
                               254,175,18,94,5,81,36,49,239,200,164,3,35,227,
                               215,180,129,206,9,231,115,68,246,85,247,189,90,
                               107,57,31,76,117,158,41,167,185,217,186,39,171,
                               4,182,91,66,171,123,32,129,175,90,243,217,41,18,
                               16,80,217,104,104,98,184,34,233,98,98,157,190,
                               14,136,137,128>>,
                             [<<0,0,0,3,1,0,1>>,
                              <<0,0,1,1,0,190,0,28,89,0,189,127,83,155,81,235,
                                193,186,105,224,229,114,20,147,7,203,135,145,
                                175,179,74,115,137,217,179,46,49,33,83,30,86,
                                32,155,97,177,70,12,87,5,33,124,3,131,208,19,
                                118,215,95,145,193,207,211,149,0,158,20,3,133,
                                178,174,238,7,147,205,225,11,50,58,113,4,187,
                                200,107,194,118,228,153,119,142,202,212,232,
                                111,238,143,149,0,240,149,144,31,155,235,119,
                                242,167,31,204,20,13,173,83,39,18,200,244,150,
                                207,229,103,83,58,216,250,208,252,232,175,56,
                                73,248,44,55,38,176,9,123,154,211,195,62,97,
                                197,194,234,18,186,40,237,125,123,63,242,164,
                                23,146,164,198,225,0,94,178,101,232,183,87,
                                153,207,90,128,63,109,177,132,144,205,127,41,
                                152,134,149,79,59,224,25,165,83,178,126,96,
                                220,209,53,165,13,126,95,193,235,94,92,31,201,
                                65,68,116,232,5,42,84,173,157,4,255,232,77,52,
                                164,103,201,255,162,250,59,47,45,164,81,61,
                                234,176,62,195,186,173,243,27,172,129,174,40,
                                187,164,7,169,184,96,68,31,244,150,24,140,5,
                                247,39,14,70,200,149,63>>],
                             rsa_pkcs1_padding]},
                    {ssl_handshake,certificate_verify,5},
                    {ssl_connection,cipher,2},
                    {ssl_connection,next_state,3},
                    {ssl_connection,certify,2},
                    {ssl_connection,next_state,3},
                    {gen_fsm,handle_msg,7},
                    {proc_lib,init_p_do_apply,3}]}

I am attaching the Makefile which generates the certificates/keys using OpenSSL:

# Generation of license manager certificates.
$(LM_CERT_DIR)/Cooking-service-ca.crt:
	openssl genrsa -out $(LM_CERT_DIR)/Cooking-service-ca.key 2048
	openssl req -subj '/C=CZ/O=Cooking Service Development/OU=Certificate Authority/CN=Cooking-service-ca.com' -new -key $(LM_CERT_DIR)/Cooking-service-ca.key \
		-out $(LM_CERT_DIR)/Cooking-service-ca.csr
	openssl x509 -req -days 1825 -in $(LM_CERT_DIR)/Cooking-service-ca.csr -signkey $(LM_CERT_DIR)/Cooking-service-ca.key -out $(LM_CERT_DIR)/Cooking-service-ca.crt

$(LM_CERT_DIR)/Manager-client.key:
	openssl genrsa -out $(LM_CERT_DIR)/Manager-client.key 2048

# Erlang SSL_LM_CLIENTCERT_PATH = Manager-client.crt
$(LM_CERT_DIR)/Manager-client.crt: $(LM_CERT_DIR)/Manager-client.key $(LM_CERT_DIR)/Cooking-service-ca.crt
	openssl req -subj '/C=CZ/O=Soemsatu Cabu/OU=ICT/CN=ict.com' -new -key $(LM_CERT_DIR)/Manager-client.key -out $(LM_CERT_DIR)/Manager-client.csr
	openssl x509 -req -days 1825 -in $(LM_CERT_DIR)/Manager-client.csr -signkey $(LM_CERT_DIR)/Manager-client.key -out $(LM_CERT_DIR)/Manager-client-tmp.crt
	openssl x509 -days 1825 -in $(LM_CERT_DIR)/Manager-client-tmp.crt -signkey $(LM_CERT_DIR)/Cooking-service-ca.key -out $(LM_CERT_DIR)/Manager-client.crt
	rm -f Manager-client-tmp.crt

---------- Původní zpráva ----------
Od: Ingela Andin 
Datum: 21. 11. 2012
Předmět: Re: [erlang-questions] ssl:peercert returns no_peercert on server, but works on client
Hello!

2012/11/20,  :
> Hello.
>
> I am writing a client-server application which communicates over SSL.
>
> When the SSL connection is successfully established, the server attempts to
> retrieve the client certificate with ssl:peercert/1 - but on server the
> function always returns no_peercert error. The client gives PEM certificate
> and key paths when it requests connection upgrade to SSL:
>
>     SslOptions = [{cacertfile, ?SSL_CACERT_PATH}, {certfile,
> ?SSL_CERT_PATH}, {keyfile, ?SSL_KEY_PATH}],
>     SslConnectResult = ssl:connect(Socket, SslOptions),
>     ?assertMatch({ok, _}, SslConnectResult),
>     ....
>
> In an attempt to find what is wrong, I tried to reverse the client and
> server roles - and the peer certificate can be retrieved successfully on
> client. In this case the connection is upgraded to SSL with exactly the same
> SslOptions on server. The peer certificate can be retrieved successfully on
> client:
>     ...
>     ?assertMatch({ok, _}, ssl:peercert(SslSocket)),
>
> and the server code contains basically
>
>     SslOptions = [{cacertfile, ?SSL_CACERT_PATH}, {certfile,
> ?SSL_CERT_PATH}, {keyfile, ?SSL_KEY_PATH}],
>     {ok, SslSocket} = ssl:ssl_accept(Socket, SslOptions, infinity),
>     ...
>
> Is the failing ssl:peercert/1 on server a bug/missing implementation, or am
> I missing something? The Erlang distribution is R14B04.
>
> Thanks, Jan
> _______________________________________________
> erlang-questions mailing list
> 
> http://erlang.org/mailman/listinfo/erlang-questions
>

Well we have a reported issue that is similar to what you describe,
but we have not been able to reproduce it yet.  However in your case
it proably depends on that you have not
specified that the server should verify the client {verify,
verify_peer} , by default the server will
not  request a client certificate.

Regards Ingela Erlang/OTP team - Ericsson AB


More information about the erlang-questions mailing list