[erlang-questions] Escript with TLS distribution

Mark Steele mark@REDACTED
Fri Jan 15 22:49:47 CET 2016 

Hi all,

I'm trying to setup an escript that can leverage TLS distribution.

Is such a thing even possible?

I've tried this line in the file header (line breaks for readability):

%%! +P 256000 -env  ERL_MAX_ETS_TABLES 256000
-env ERL_CRASH_DUMP /dev/null
-env ERL_FULLSWEEP_AFTER 0
-env ERL_MAX_PORTS 65536 +A 64 +K true +W w
-smp auto -boot /tmp/start_clean
-proto_dist inet_tls
-ssl_dist_opt client_cacertfile var/lib/cinched/cacert.pem
client_keyfile /var/lib/cinched/key.pem
client_certfile /var/lib/cinched/client.pem
server_cacertfile /etc/cinched/cacert.pem
server_keyfile /var/lib/cinched/key.pem
server_certfile /var/lib/cinched/cert.pem
-name cinched -setcookie foobar -config /etc/cinched/sys.config
-s public_key -s asn1 -s ssl -s crypto

Unfortunately, it doesn't look like it applies the boot settings

{error_logger,{{2016,1,15},{16,38,26}},"Protocol: ~tp: not
supported~n",["inet_tls"]}
{error_logger,{{2016,1,15},{16,38,26}},crash_report,[[{initial_call,{net_kernel,init,['Argument__1']}},{pid,<0.21.0>},{registered_name,[]},{error_info,{exit,{error,badarg},[{gen_server,init_it,6,[{file,"gen_server.erl"},{line,322}]},{proc_lib,init_p_do_apply,3,[{file,"proc_lib.erl"},{line,237}]}]}},{ancestors,[net_sup,kernel_sup,<0.10.0>]},{messages,[]},{links,[<0.18.0>]},{dictionary,[{longnames,true}]},{trap_exit,true},{status,running},{heap_size,987},{stack_size,27},{reductions,223}],[]]}
{error_logger,{{2016,1,15},{16,38,26}},supervisor_report,[{supervisor,{local,net_sup}},{errorContext,start_error},{reason,{'EXIT',nodistribution}},{offender,[{pid,undefined},{name,net_kernel},{mfargs,{net_kernel,start_link,[[cinched,longnames]]}},{restart_type,permanent},{shutdown,2000},{child_type,worker}]}]}
{error_logger,{{2016,1,15},{16,38,26}},supervisor_report,[{supervisor,{local,kernel_sup}},{errorContext,start_error},{reason,{shutdown,{failed_to_start_child,net_kernel,{'EXIT',nodistribution}}}},{offender,[{pid,undefined},{name,net_sup},{mfargs,{erl_distribution,start_link,[]}},{restart_type,permanent},{shutdown,infinity},{child_type,supervisor}]}]}
{error_logger,{{2016,1,15},{16,38,26}},crash_report,[[{initial_call,{application_master,init,['Argument__1','Argument__2','Argument__3','Argument__4']}},{pid,<0.9.0>},{registered_name,[]},{error_info,{exit,{{shutdown,{failed_to_start_child,net_sup,{shutdown,{failed_to_start_child,net_kernel,{'EXIT',nodistribution}}}}},{kernel,start,[normal,[]]}},[{application_master,init,4,[{file,"application_master.erl"},{line,133}]},{proc_lib,init_p_do_apply,3,[{file,"proc_lib.erl"},{line,237}]}]}},{ancestors,[<0.8.0>]},{messages,[{'EXIT',<0.10.0>,normal}]},{links,[<0.8.0>,<0.7.0>]},{dictionary,[]},{trap_exit,true},{status,running},{heap_size,376},{stack_size,27},{reductions,164}],[]]}
{error_logger,{{2016,1,15},{16,38,26}},std_info,[{application,kernel},{exited,{{shutdown,{failed_to_start_child,net_sup,{shutdown,{failed_to_start_child,net_kernel,{'EXIT',nodistribution}}}}},{kernel,start,[normal,[]]}}},{type,permanent}]}
{"Kernel pid
terminated",application_controller,"{application_start_failure,kernel,{{shutdown,{failed_to_start_child,net_sup,{shutdown,{failed_to_start_child,net_kernel,{'EXIT',nodistribution}}}}},{kernel,start,[normal,[]]}}}"}


The /tmp/start_clean.rel file:

{release,{"start_clean",[]},
         {erts,"6.4"},
         [{kernel,"3.2"},
          {stdlib,"2.4"},
          {sasl,"2.4.1"},
          {crypto,"3.5"},
          {asn1,"3.0.4"},
          {public_key,"0.23"},
          {ssl,"6.0"}
          ]}.

Anyone have a clue-stick or working example of an escript that can talk TLS?

I've also tried specifying TLS options as part of the ERL_FLAGsin the
environment prior to kicking off the escript  (and removing TLS options
from the script header), with the same results.


Mark Steele
CISSP, GPEN, GCIA, CSM
mark@REDACTED

LinkedIn: https://ca.linkedin.com/in/markrsteele
Github: https://github.com/marksteele
Personal: http://www.control-alt-del.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20160115/ef8c987d/attachment.htm>

More information about the erlang-questions mailing list