<div dir="ltr">I am seeing a (probably intentional) difference between the way that the ssl module resolves certificates when run by hand from a command line emulator, and the way that it resolves certificates when run via a rebar-generated start script. I would like to understand the underlying mechanism and how to change its behavior.<div>
<br></div><div>In particular, my OTP application, which uses httpc, ssl and public_key, when run from the reltool- and rebar-generated application start script, emits:</div><div><br></div><div><div>=ERROR REPORT==== 9-Apr-2013::20:20:59 ===</div>
<div>SSL: certify: ssl_handshake.erl:263:Fatal error: certificate unknown</div><div><br></div><div>=ERROR REPORT==== 9-Apr-2013::20:20:59 ===</div><div>Error in process <0.77.0> on node '<a href="mailto:message_queue_worker@127.0.0.1">message_queue_worker@127.0.0.1</a>' with exit value: {{badmatch,{error,{failed_connect,[{to_address,{"<a href="http://go.urbanairship.com">go.urbanairship.com</a>",443}},{inet,[inet],{tls_alert,"certificate unknown"}}]}}},</div>
</div><div><br></div><div style>but when run via erl it works fine.</div><div style><br></div><div style>I suspect/think/am trying to deduce that the rebar-generated start script is attempting to sandbox/clean-start the environment so that minimal system dependencies are injected, which would be a good general practice for things like rebar/reltool. However, this app will only ever be installed on unix systems with properly installed certs in the normative openssl directories so I'd like to bypass that, or work around it with proper inclusions. </div>
<div style><br></div><div style>Unfortunately the documentation is a little sparse in this area and it doesn't appear that my situation is super common.</div><div style><br></div><div style>Thanks in advance for any clues / tips.</div>
<div style><br></div><div style>F.</div></div>