[erlang-questions] SSL hostname verification

San Gillis san.gillis@REDACTED
Mon Jan 22 16:28:58 CET 2018

Since upgrading to Erlang 20.2 (from 19.3) we've been having issues with
using SSL for Erlang distribution.

We used to run our nodes with
-ssl_dist_opt server_verify verify_peer
-ssl_dist_opt client_verify verify_peer
in the vm.args file. Since the upgrade this failed with {bad_cert,

I noticed that this hostname check fails because `fun
public_key:verify_hostname_match_default/2` is receiving `{dns_id, "
nodename@REDACTED"}` and `{dNSName,"*.hostname.com"}` as
arguments, which will fail to check.

I have looked into providing `verify_fun` to do custom verification, but
this seems pretty convoluted if I just want to `erl -remsh
nodename@REDACTED -ssl_dist_optfile ...` into the given node.

Did anyone else run into this issue? Are there some better ways to fix this?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20180122/cc7ef0fd/attachment.htm>

More information about the erlang-questions mailing list