[erlang-questions] SSL/TLS distribution

Mikhail Igonin igonin_phys@REDACTED
Tue Dec 10 15:08:01 CET 2013


Ok, I'm sorry!

I performed the following (if it is not correct, please advise how to make a test):

I took my file 'my_app.rel', commented out external applications and created a boot script:

[root@REDACTED test ]$ erl
Erlang R16B01 (erts-5.10.2) [source] [64-bit] [smp:4:4] [async threads:10] [hipe] [kernel-poll:false]

Eshell V5.10.2 (abort with ^G)
1> systools:make_script("my_app", []).
ok

Then I ran two erlang nodes with my certificate:

erl -boot my_app -proto_dist inet_tls -ssl_dist_opt server_certfile "path_to_pem" -ssl_dist_opt client_certfile " path_to_pem " -ssl_dist_opt server_secure_renegotiate true client_secure_renegotiate true -name my_app1 -setcookie 123

erl -boot my_app -proto_dist inet_tls -ssl_dist_opt server_certfile " path_to_pem " -ssl_dist_opt client_certfile " path_to_pem " -ssl_dist_opt server_secure_renegotiate true client_secure_renegotiate true -name my_app2 -setcookie 123

Finally:

(my_app1@REDACTED)1> net_adm:ping('my_app2@REDACTED').

=PROGRESS REPORT==== 10-Dec-2013::17:28:25 ===
supervisor: {local,inet_gethost_native_sup}
started: [{pid,<0.93.0>},{mfa,{inet_gethost_native,init,[[]]}}]

=PROGRESS REPORT==== 10-Dec-2013::17:28:25 ===
supervisor: {local,kernel_safe_sup}
started: [{pid,<0.92.0>},
{name,inet_gethost_native_sup},
{mfargs,{inet_gethost_native,start_link,[]}},
{restart_type,temporary},
{shutdown,1000},
{child_type,worker}]
pong
(my_app1@REDACTED)2>


So, I can conclude that the certificate is correct.


With best regards,
Mike

Tuesday, 10 December 2013, 12:31 +01:00 from Ingela Andin <ingela.andin@REDACTED>:
>
>Hi!
>
>2013/12/10 Mikhail Igonin  < igonin_phys@REDACTED >
>>Hello Ingela!
>>
>>Yes, of course. When I disable SSL -- everything is working correctly.
>>
>
>
>Well, that is not what I meant, the question is can you start an ssl connection with your certs without running the erlang distribution?
>
>Regards Ingela Erlang/OTP team - Ericsson AB
>
>
>
>  With best regards,
>>Mike
>>
>>Tuesday, 10 December 2013, 11:21 +01:00 from Ingela Andin < ingela.andin@REDACTED >:
>>>Hi!
>>>
>>>Have you verified that you can perform the ssl handshake with your input options running just normally
>>>without the distribution?
>>>
>>>Regards Ingela Erlang/OTP team Ericsson AB
>>>
>>>
>>>2013/12/9 Игонин Михаил  <  igonin_phys@REDACTED >
>>>>
>>>>Hi!
>>>>I already asked this question in Basho/node_package/riak, but received no clear answer. Has anyone encountered such a problem?
>>>>
>>>>I'm using rebar to build my application, and node_package to create an RPM package.
>>>>Then I define environment variables in the file vm.args as described at http://www.erlang.org/doc/apps/ssl/ssl_distribution.html :
>>>>-proto_dist inet_tls
>>>>-ssl_dist_opt client_certfile "/var/lib/myapp/cert.pem"
>>>>-ssl_dist_opt server_certfile "/var/lib/myapp/cert.pem"
>>>>-ssl_dist_opt server_secure_renegotiate true
>>>>-ssl_dist_opt client_secure_renegotiate true
>>>>And then run:
>>>>
>>>>[root@REDACTED bin]# myapp start
>>>>!!!!
>>>>!!!! WARNING: ulimit -n is 1024; 4096 is the recommended minimum.
>>>>!!!!
>>>>myapp failed to start within 15 seconds,
>>>>see the output of 'myapp console' for more information.
>>>>If you want to wait longer, set the environment variable
>>>>WAIT_FOR_ERLANG to the number of seconds to wait.
>>>>
>>>>===========
>>>>In the result I get:
>>>>1. The console log -- all well, as if the node is started correctly.
>>>>2. The error log is empty.
>>>>3. The 'ps eax | grep beam.smp' command shows that the Erlang virtual machine is running (!).
>>>>4. But:
>>>>*  Command 'start' -- hangs
>>>>*  'ping' does not work
>>>>*  The node cannot be stopped, because the 'stop' command does not work
>>>>*  I can't connect to the node through 'attach'/'attach-direct' for the same reason
>>>>*  Even 'getpid' says that the node is not running....
>>>>
>>>>What could be the problem?
>>>>
>>>>(Erlang R16B01, RHEL6.3 )
>>>>_______________________________________________
>>>>erlang-questions mailing list
>>>> erlang-questions@REDACTED
>>>> http://erlang.org/mailman/listinfo/erlang-questions
>>>
>>
>>
>


-- 
Mikhail Igonin
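
Added example, not part of the thread and not OTP's own code: one way to run the check Ingela asks about, a plain TLS handshake with the same PEM file and no Erlang distribution involved. The module name `tls_check`, port 9443 and the timeouts are assumptions; it uses the R16-era `ssl:ssl_accept/2`.

```erlang
-module(tls_check).
-export([run/1]).

-define(PORT, 9443).      % assumed free local port
-define(TIMEOUT, 5000).   % assumed timeout, in milliseconds

%% PemFile must contain the certificate and its private key, like the single
%% cert.pem in the thread: keyfile defaults to certfile when it is not given.
run(PemFile) ->
    ssl:start(),
    ServerOpts = [{certfile, PemFile}, {ip, {127,0,0,1}},
                  {reuseaddr, true}, {active, false}],
    %% verify_none: this only checks that the certificate and key load and a
    %% handshake completes, not that the chain is trusted.
    ClientOpts = [{certfile, PemFile}, {verify, verify_none}, {active, false}],
    case ssl:listen(?PORT, ServerOpts) of
        {ok, LSock} ->
            Parent = self(),
            %% The accepting side runs in its own process and reports back.
            spawn(fun() -> Parent ! {server, accept(LSock)} end),
            Client = connect(ClientOpts),
            Server = receive
                         {server, Result} -> Result
                     after 2 * ?TIMEOUT -> {error, timeout}
                     end,
            ssl:close(LSock),
            [{client, Client}, {server, Server}];
        {error, Reason} ->
            [{listen, {error, Reason}}]
    end.

accept(LSock) ->
    case ssl:transport_accept(LSock, ?TIMEOUT) of
        %% R16-era call; on OTP 21 and later use ssl:handshake/2 instead.
        {ok, Sock} -> ssl:ssl_accept(Sock, ?TIMEOUT);
        {error, Reason} -> {error, Reason}
    end.

connect(ClientOpts) ->
    case ssl:connect({127,0,0,1}, ?PORT, ClientOpts, ?TIMEOUT) of
        {ok, Sock} -> ssl:close(Sock), ok;
        {error, Reason} -> {error, Reason}
    end.
```

Started with a plain `erl` (no `-proto_dist`), `tls_check:run("path_to_pem")` returns a list with one entry for the client side and one for the server side; both being `ok` means the PEM file loads and the handshake completes outside the distribution.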