-
Notifications
You must be signed in to change notification settings - Fork 2.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Distributed Erlang over TLS does not work correctly using OTP 26 #7497
Comments
|
@u3s I provided comprehensive reproduction steps in this git repository, in two branches: This succeeds: https://github.com/lukebakken/erlang-otp-7497#reproduction-steps This fails: https://github.com/lukebakken/erlang-otp-7497/tree/otp-26#reproduction-steps If you have time, I'd appreciate someone else confirming what I have found. This issue was originally discovered when Team RabbitMQ and Docker tried to upgrade to OTP 26 - There is a test that uses TLS-enabled distributed Erlang that used to succeed with OTP 25 and then started to fail with 26. I traced it down to this issue.
Yes, they are the same. Please check out the reproduction steps.
This is the template that is turned into the optfile. It is identical for the working version and the one that fails. The x509 certs are identical as well. https://github.com/lukebakken/erlang-otp-7497/blob/main/inet-dist-tls.config.in
No, there is not. It would be great to have some sort of debug logging available for distributed Erlang but I am not aware of it. |
Try |
@RaimoNiskanen on it! |
Here is the transcript of a successful run using OTP 25.3.2.3 and Node
|
AHA @RaimoNiskanen using
I did notice this while working on the original issue (docker-library/official-images@7335ae3) but it didn't make sense because there was no useful error logged or returned, and that setting worked just fine with OTP 25. Before I close this issue I'm going to re-check the OTP 26 READMEs and release announcements to see where this change was (or was not) announced. |
@RaimoNiskanen the change wasn't announced in my opinion. I see a brief mention of "Improved error checking and handling of ssl options" here - https://www.erlang.org/news/164#ssl ...and one mention of https://erlang.org/download/otp_src_26.0.readme However, isn't |
No it is not a valid client option, has never been. Is documented as server option but was ignored by client previously! |
OK! I'll make sure all of the RabbitMQ docs reflect this. Thanks! |
OTP 26 no longer ignores `fail_if_no_peer_cert` for a `client` setting. See the following issue: erlang/otp#7497
OTP 26 no longer ignores `fail_if_no_peer_cert` for a `client` setting. Instead, distributed Erlang fails without informative error messages. See the following issues: * erlang/otp#7497 * rabbitmq/rabbitmq-website#1687
OTP 26 no longer ignores `fail_if_no_peer_cert` for a `client` setting. Instead, distributed Erlang fails without informative error messages. See the following issues: * erlang/otp#7497 * rabbitmq/rabbitmq-website#1687
OTP 26 no longer ignores `fail_if_no_peer_cert` for a `client` setting. Instead, distributed Erlang fails without informative error messages. See the following issues: * erlang/otp#7497 * rabbitmq/rabbitmq-website#1687 `customize_hostname_check` is client only
FYI, I suspect this change will surprise people as they upgrade Erlang - https://groups.google.com/g/rabbitmq-users/c/-Yqb45pOYfc We have updated the RabbitMQ docs and examples. |
OTP 26 no longer ignores `fail_if_no_peer_cert` for a `client` setting. See the following issue: erlang/otp#7497
Describe the bug
When using OTP 26 (26.0.2 to be precise) and
-proto_dist inet_tls -ssl_dist_optfile ...
two Erlang nodes can't connect via distributed Erlang.Using the latest version of OTP 25 works correctly.
To Reproduce
Reproduction steps that show SUCCESS
Note: clone my repository and change to the
main
branch to show success:https://github.com/lukebakken/erlang-otp-7497#reproduction-steps
Reproduction steps that show FAILURE
Note: clone my repository and change to the
otp-26
branch to show failure:https://github.com/lukebakken/erlang-otp-7497/tree/otp-26#reproduction-steps
The main difference between the two branches is the Erlang version specified in the
.tool-versions
file.Expected behavior
This code succeeds:
Affected versions
OTP 26.0.2 is the version with which I am testing that demonstrates failure. OTP 25.3.2.3 succeeds.
The text was updated successfully, but these errors were encountered: