[erlang-questions] reltool/rebar vs. ssl certificates

Felix Gallo felixgallo@REDACTED
Tue Apr 9 22:16:47 CEST 2013


I am seeing a (probably intentional) difference between the way that the
ssl module resolves certificates when run by hand from a command line
emulator, and the way that it resolves certificates when run via a
rebar-generated start script.  I would like to understand the underlying
mechanism and how to change its behavior.

In particular, my OTP application, which uses httpc, ssl and public_key,
when run from the reltool- and rebar-generated application start script,
emits:

=ERROR REPORT==== 9-Apr-2013::20:20:59 ===
SSL: certify: ssl_handshake.erl:263:Fatal error: certificate unknown

=ERROR REPORT==== 9-Apr-2013::20:20:59 ===
Error in process <0.77.0> on node 'message_queue_worker@REDACTED' with exit value:
{{badmatch,{error,{failed_connect,[{to_address,{"go.urbanairship.com",443}},{inet,[inet],{tls_alert,"certificate unknown"}}]}}},

but when run via erl it works fine.

I suspect/think/am trying to deduce that the rebar-generated start script
is attempting to sandbox/clean-start the environment so that minimal system
dependencies are injected, which would be a good general practice for
things like rebar/reltool.  However, this app will only ever be installed
on unix systems with properly installed certs in the normative openssl
directories so I'd like to bypass that, or work around it with proper
inclusions.

Unfortunately the documentation is a little sparse in this area and it
doesn't appear that my situation is super common.

Thanks in advance for any clues / tips.

F.