[erlang-questions] [erlang-patches] SSL distribution fixes

Ingela Anderton Andin ingela@REDACTED
Wed Jan 18 17:31:15 CET 2012


Paul Guyot wrote:
> On 16 Jan 2012 at 14:56, Ingela Anderton Andin wrote:
>>> This probably is what happens. The other bug I saw is that the client can timeout (using dist_utils:timer) while the proxy doesn't handle this.
>>> What is the rationale behind the use of the proxy? Isn't it related to the old implementation of SSL?
>> We want to avoid having a driver.
> Ingela,
> Thank you for your replies.
> I still do not fully understand the way distribution over TLS works. I've just read in the (old) documentation that proto_dist requires a driver. Is this such a driver that you try to avoid? Is inet_ssl_dist using the same driver as inet_tcp_dist and hence requires a proxy? Is this why inet_tls_dist cannot use ssl:send/2 and ssl:recv/3 as f_recv and f_send handlers (lines 244 and 248)?
ssl:send/recv operates on ssl-sockets. ssl-sockets are not the same
thing as inet-sockets that will be used in the inet callback-functions
in inet_tls_dist. New ssl is a pure Erlang application; this is sort of
a problem, as when starting the Erlang distribution you are not able to
start Erlang applications yet. This is solved by "cloning" the
ssl-application, hanging it under the kernel application supervisor.
Then all distribution messages are sent from erts to Erlang and handled
by Erlang ssl and sent back to erts, which knows nothing about the
SSL/TLS-handshaking and TLS/SSL-decryption/encryption.
This is a short and simplified description, but hope it helps.

Regards Ingela Erlang/OTP team  -Ericsson AB
