Can't start distribution when using ssl_dist_optfile file that contains UTF-8 characters

[lukebakken]

Describe the bug

Create an ssl_dist_optfile file that contains UTF-8 characters in it, and try to start distributied Erlang with it.

To Reproduce

Please see this README and repository:

https://github.com/lukebakken/erlang-ssl_dist_optfile-utf8

Expected behavior

The ability to use strings like Евгений in the ssl_dist_optfile file.

Affected versions

Tested with Erlang 26.2.3 on Windows an Ubuntu 22.04

[lukebakken]

Actually, this is an issue. My error was forgetting to add -proto_dist inet_tls to the erl arguments.

Please see the README for reproduction steps on Windows and POSIX:
https://github.com/lukebakken/erlang-ssl_dist_optfile-utf8

[lukebakken]

It looks as though ssl_dist_sup:consult/1 does not deal with the ssl_dist_optfile file encoding correctly. This is what gets saved to the ssl_dist_opts ETS table:

ETS table contents

(n0@rmq0)2> rp(ets:tab2list(ssl_dist_opts)).
[{server,[{cacertfile,[47,104,111,109,101,47,108,98,97,107,
                       107,101,110,47,100,101,118,101,108,111,112,109,101,110,116,
                       47,108,117,107,101,98,97,107,107,101,110,47,101,114,108,97,
                       110,103,45,115,115,108,95,100,105,115,116,95,111,112,116,
                       102,105,108,101,45,117,116,102,56,47,99,101,114,116,115,32,
                       208,149,208,178,208,179,208,181,208,189,208,184,208,185,47,
                       99,97,95,99,101,114,116,105,102,105,99,97,116,101,46,112,
                       101,109]},
          {certfile,[47,104,111,109,101,47,108,98,97,107,107,101,110,
                     47,100,101,118,101,108,111,112,109,101,110,116,47,108,117,
                     107,101,98,97,107,107,101,110,47,101,114,108,97,110,103,45,
                     115,115,108,95,100,105,115,116,95,111,112,116,102,105,108,
                     101,45,117,116,102,56,47,99,101,114,116,115,32,208,149,208,
                     178,208,179,208,181,208,189,208,184,208,185,47,115,101,114,
                     118,101,114,95,114,109,113,48,95,99,101,114,116,105,102,105,
                     99,97,116,101,46,112,101,109]},
          {keyfile,[47,104,111,109,101,47,108,98,97,107,107,101,110,
                    47,100,101,118,101,108,111,112,109,101,110,116,47,108,117,
                    107,101,98,97,107,107,101,110,47,101,114,108,97,110,103,45,
                    115,115,108,95,100,105,115,116,95,111,112,116,102,105,108,
                    101,45,117,116,102,56,47,99,101,114,116,115,32,208,149,208,
                    178,208,179,208,181,208,189,208,184,208,185,47,115,101,114,
                    118,101,114,95,114,109,113,48,95,107,101,121,46,112,101,
                    109]},
          {verify,verify_peer},
          {fail_if_no_peer_cert,true}]},
 {client,[{cacertfile,[47,104,111,109,101,47,108,98,97,107,
                       107,101,110,47,100,101,118,101,108,111,112,109,101,110,116,
                       47,108,117,107,101,98,97,107,107,101,110,47,101,114,108,97,
                       110,103,45,115,115,108,95,100,105,115,116,95,111,112,116,
                       102,105,108,101,45,117,116,102,56,47,99,101,114,116,115,32,
                       208,149,208,178,208,179,208,181,208,189,208,184,208,185,47,
                       99,97,95,99,101,114,116,105,102,105,99,97,116,101,46,112,
                       101,109]},
          {certfile,[47,104,111,109,101,47,108,98,97,107,107,101,110,
                     47,100,101,118,101,108,111,112,109,101,110,116,47,108,117,
                     107,101,98,97,107,107,101,110,47,101,114,108,97,110,103,45,
                     115,115,108,95,100,105,115,116,95,111,112,116,102,105,108,
                     101,45,117,116,102,56,47,99,101,114,116,115,32,208,149,208,
                     178,208,179,208,181,208,189,208,184,208,185,47,99,108,105,
                     101,110,116,95,114,109,113,48,95,99,101,114,116,105,102,105,
                     99,97,116,101,46,112,101,109]},
          {keyfile,[47,104,111,109,101,47,108,98,97,107,107,101,110,
                    47,100,101,118,101,108,111,112,109,101,110,116,47,108,117,
                    107,101,98,97,107,107,101,110,47,101,114,108,97,110,103,45,
                    115,115,108,95,100,105,115,116,95,111,112,116,102,105,108,
                    101,45,117,116,102,56,47,99,101,114,116,115,32,208,149,208,
                    178,208,179,208,181,208,189,208,184,208,185,47,99,108,105,
                    101,110,116,95,114,109,113,48,95,107,101,121,46,112,101,
                    109]},
          {verify,verify_peer}]}]
ok

Here is what the cacertfile value should be. Note the difference in codepoint values:

$ erl
Erlang/OTP 26 [erts-14.2.3] [source] [64-bit] [smp:16:16] [ds:16:16:10] [async-threads:1] [jit:ns]

Eshell V14.2.3 (press Ctrl+G to abort, type help(). for help)
1> S = "/home/lbakken/development/lukebakken/erlang-ssl_dist_optfile-utf8/certs Евгений/ca_certificate.pem".
[47,104,111,109,101,47,108,98,97,107,107,101,110,47,100,101,
 118,101,108,111,112,109,101,110,116,47,108,117,107|...]
2> rp(S).
[47,104,111,109,101,47,108,98,97,107,107,101,110,47,100,101,
 118,101,108,111,112,109,101,110,116,47,108,117,107,101,98,
 97,107,107,101,110,47,101,114,108,97,110,103,45,115,115,108,
 95,100,105,115,116,95,111,112,116,102,105,108,101,45,117,
 116,102,56,47,99,101,114,116,115,32,1045,1074,1075,1077,
 1085,1080,1081,47,99,97,95,99,101,114,116,105,102,105,99,97,
 116,101,46,112,101,109]

[lukebakken]

Digging further, epp:read_encoding_from_binary is returning none for the file that has utf-8 code points in it:

https://github.com/erlang/otp/blob/master/lib/ssl/src/ssl_dist_sup.erl#L95-L96

Terminal session, Ubuntu 22, Erlang 26.2.3... note that I'm using +pc unicode as well:

$ erl +pc unicode -proto_dist inet_tls -sname 'n0@rmq0' -ssl_dist_optfile ./ssl_dist_optfile.rmq0.conf
Erlang/OTP 26 [erts-14.2.3] [source] [64-bit] [smp:16:16] [ds:16:16:10] [async-threads:1] [jit:ns]

Eshell V14.2.3 (press Ctrl+G to abort, type help(). for help)

(n0@rmq0)1> {ok,F} = file:read_file("./ssl_dist_optfile.rmq0.conf").
{ok,<<"[\n    {server, [\n        {cacertfile, \"/home/lbakken/development/lukebakken/erlang-ssl_dist_optfile-utf8/cer"...>>}

(n0@rmq0)2> epp:read_encoding_from_binary(F).
none

(n0@rmq0)4> rp(F).
<<"[\n    {server, [\n        {cacertfile, \"/home/lbakken/development/lukebakken/erlang-ssl_dist_optfile-utf8/certs Евгений/ca_certificate.pem\"},\n        {certfile,   \"/home/lbakken/development/lukebakken/erlang-ssl_dist_optfile-utf8/certs Евгений/server_rmq0_certificate.pem\"},\n        {keyfile,    \"/home/lbakken/development/lukebakken/erlang-ssl_dist_optfile-utf8/certs Евгений/server_rmq0_key.pem\"},\n        {verify, verify_peer},\n        {fail_if_no_peer_cert, true}\n    ]},\n    {client, [\n        {cacertfile, \"/home/lbakken/development/lukebakken/erlang-ssl_dist_optfile-utf8/certs Евгений/ca_certificate.pem\"},\n        {certfile,   \"/home/lbakken/development/lukebakken/erlang-ssl_dist_optfile-utf8/certs Евгений/client_rmq0_certificate.pem\"},\n        {keyfile,    \"/home/lbakken/development/lukebakken/erlang-ssl_dist_optfile-utf8/certs Евгений/client_rmq0_key.pem\"},\n        {verify, verify_peer}\n    ]}\n].\n"/utf8>>
ok

[lukebakken]

OK, after reading the epp docs, I realized I must add the following to the top of the ssl_dist_optfile file for it to be interpreted as UTF-8:

%% coding: utf-8

So, what's the best way to make a note of this? Add something here?

https://www.erlang.org/doc/apps/ssl/ssl_distribution.html#specifying-tls-options

Or, instead of relying on epp:read_encoding_from_binary could unicode:characters_to_list/2 be called twice, first with latin1 as the argument, then unicode if the first fails?

[michaelklishin]

@lukebakken add it to every example. We can also add a new section to the docs, I'd be happy to do it.

[IngelaAndin]

@lukebakken thanks but as I am already working on polishing the docs I add a commit, feel free to review!

[lukebakken]

Thank you @IngelaAndin

Fixed by IngelaAndin@6cb3bce