[erlang-questions] How: SSL for distribution in R11B-5?

Michael Regen michael.regen@REDACTED
Tue Nov 6 22:19:59 CET 2007

Got lots of problems when trying to use SSL as distribution protocol
for Erlang R11B-5. At the end I either get a crash dump or a pang. I
am not very experienced with SSL and I'd really appreciate if someone
here can help!

Currently I am stuck at this point: Everything starts fine but as soon
as I want to ping the second node I get a pang.
If I issue a openssl s_client -connect localhost:56047 -showcerts
I get the following output (... means lines omitted):

verify error:num=18:self signed certificate
No client certificate CA names sent
SSL handshake has read 950 bytes and written 316 bytes
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
    Protocol  : TLSv1
    Cipher    : AES256-SHA
    Key-Arg   : None
    Start Time: 1194383094
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)

Does that mean I made something wrong with the certificates? Just for
now I don't need anything else than self signed certificates.

What I did so far
Unfortunately  the Erlang user guide for SSL distribution is not easy
to understand and seems to miss some points. The explanation how a
certificate should be created does not really work. Whatever
certificate I try in the SSL examples folder ends with a crash dump.
Same for certificates built with the make_certs.erl program.
The tutorial 'Distributed erlang using ssl through firewalls' on
trapexit also leaves out this point.

This posting here is the only reference I could find which told me how
the certificate should look like:

Ah, certificate and key need to be in one file. At the end I followed
this guide to create my certificate:

I also patched ssl_prim.erl following
If I don't patch it, openssl s_client stops after the line

Nevertheless netstat --tcp -n still shows me some bytes hanging in the
Recv-Q of the Erlang server.

Bruce is also right when saying that setting ERL_SSL_DEBUG stops erts
from starting up:

So for now I am stuck since I don't know what options I have left.
Anyone here who can help? Thanks in advance!


More information about the erlang-questions mailing list