[erlang-questions] Troubleshooting TLS distribution

Magnus Henoch magnus@REDACTED
Mon Jan 11 12:24:12 CET 2016


On Sun, Jan 10, 2016 at 3:59 AM, Mark Steele <mark@REDACTED>
wrote:

> Here's what my session looks like.
>
> erl -boot start_clean -proto_dist inet_tls -ssl_dist_op server_certfile
> /tmp/server.pem server_keyfile /tmp/server.key client_certfile
> /tmp/server.pem client_keyfile /tmp/server.key  -name test1@REDACTED
>

That should be -ssl_dist_opt.

Let's have a look at the error messages:

=ERROR REPORT==== 9-Jan-2016::21:58:37 ===
SSL: certify: ssl_alert.erl:92:Fatal error: internal error

Looking at line 92 of ssl_alert.erl, we see that this is an internal error
alert that we received from the peer.  It doesn't really tell us what
happened.

=ERROR REPORT==== 9-Jan-2016::21:58:37 ===
SSL: hello: ssl_handshake.erl:167:Fatal error: internal error

This on the other hand points to the function where the server tries to
establish its own certificate chain.  I suspect that it's not finding
anything because it didn't get the server_certfile option - and if I
remember correctly you need to specify server_cacertfile as well, pointing
to the CA certificate.

Regards,
Magnus
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20160111/aadd29e6/attachment.htm>


More information about the erlang-questions mailing list