[erlang-questions] SSL hostname verification
San Gillis
san.gillis@REDACTED
Mon Jan 22 16:28:58 CET 2018
Since upgrading to Erlang 20.2 (from 19.3) we've been having issues with
using SSL for Erlang distribution.
We used to run our nodes with
```
-ssl_dist_opt server_verify verify_peer
-ssl_dist_opt client_verify verify_peer
```
in the vm.args file. Since the upgrade this failed with {bad_cert,
hostname_check_failed}.
I noticed that this hostname check fails because `fun
public_key:verify_hostname_match_default/2` is receiving `{dns_id, "
nodename@REDACTED"}` and `{dNSName,"*.hostname.com"}` as
arguments, which will fail to check.
I have looked into providing `verify_fun` to do custom verification, but
this seems pretty convoluted if I just want to `erl -remsh
nodename@REDACTED -ssl_dist_optfile ...` into the given node.
Did anyone else run into this issue? Are there some better ways to fix this?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20180122/cc7ef0fd/attachment.htm>
More information about the erlang-questions
mailing list