[erlang-questions] ssl:peercert returns no_peercert on server, but works on client

Jan.Evangelista@REDACTED Jan.Evangelista@REDACTED
Tue Nov 20 20:30:22 CET 2012


I am writing a client-server application which communicates over SSL. 

When the SSL connection is successfully established, the server attempts to retrieve the client certificate with ssl:peercert/1 - but on server the function always returns no_peercert error. The client gives PEM certificate and key paths when it requests connection upgrade to SSL:

    SslOptions = [{cacertfile, ?SSL_CACERT_PATH}, {certfile, ?SSL_CERT_PATH}, {keyfile, ?SSL_KEY_PATH}],
    SslConnectResult = ssl:connect(Socket, SslOptions),
    ?assertMatch({ok, _}, SslConnectResult),

In an attempt to find what is wrong, I tried to reverse the client and server roles - and the peer certificate can be retrieved successfully on client. In this case the connection is upgraded to SSL with exactly the same SslOptions on server. The peer certificate can be retrieved successfully on client:
    ?assertMatch({ok, _}, ssl:peercert(SslSocket)),

and the server code contains basically

    SslOptions = [{cacertfile, ?SSL_CACERT_PATH}, {certfile, ?SSL_CERT_PATH}, {keyfile, ?SSL_KEY_PATH}],
    {ok, SslSocket} = ssl:ssl_accept(Socket, SslOptions, infinity),

Is the failing ssl:peercert/1 on server a bug/missing implementation, or am I missing something? The Erlang distribution is R14B04.

Thanks, Jan

More information about the erlang-questions mailing list