[erlang-questions] SSL connections (in Common Test) intermittently fail with "unknown ca"

Ingela Andin ingela.andin@REDACTED
Sun Apr 3 15:10:29 CEST 2016


2016-03-31 17:33 GMT+02:00 Roger Lipscombe <roger@REDACTED>:

> I've got a custom ranch protocol -- it's based on ranch_ssl, but it
> adds a custom verify_fun, with configuration options.
> I'm attempting to test it in Common Test, and I'm seeing intermittent
> "unknown ca" failures. I suspect, though I'm not sure, that it might
> be due to the fact that each test starts a ranch listener with
> different SSL options, in particular the 'cacertfile' option varies.
> Is there a race condition in the 'ssl' application which might get
> confused by this?

Humm ... if there is such a race I think gen_statem will resolve it.
(Planned for 19) There is not a "known" such race but I am crrently seeing
problems along these lines on some windows machines that have
no good explenation and only occur for some windows builds and not
others with same version of openssl and erlang but diffrent compilers
for openssl.

> I've attempted to clean up by calling ssl:clear_pem_cache from
> end_per_testcase, but it doesn't appear to make any difference.
Clearing the pem cache will help under the circumstanses that
you use the same pem-file for diffrent test cases but the pem-file
contents on disk has changed between the test cases.
Also putting such an "ensure clean start"-action in
end_per_testcase might not do what you want as end_per_testcase
will only run if the test does not fail, so it will proably fit better in

Regards Ingela Erlang/OTP Team - Ericsson AB

> I can tidy up the test suite for public consumption if anyone thinks
> that would be useful.
> --
> Roger.
> _______________________________________________
> erlang-questions mailing list
> erlang-questions@REDACTED
> http://erlang.org/mailman/listinfo/erlang-questions
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20160403/bc4aff2e/attachment.htm>

More information about the erlang-questions mailing list