Update Erlang CI images #261

Merged
merged 2 commits into from
Sep 22, 2023

nickva (Collaborator) commented Sep 22, 2023

  • Use latest patch levels for 24 and 25.
  • Add 26 to the list.

nickva commented Sep 22, 2023

Seeing

```
in call from eunit_proc:with_timeout/3 (eunit_proc.erl, line 346)
**error:{badmatch,
    {'EXIT',
        {{badmatch,
             {error,
                 {options,incompatible,
                     [{verify,verify_peer},{cacerts,undefined}]}}},
```

From https://www.erlang.org/blog/otp-26-highlights/#ssl-safer-defaults

nickva commented Sep 22, 2023

Trying to pass {verify, verify_none} showed another error:

```
=ERROR REPORT==== 22-Sep-2023::16:16:05.580047 ===
    application: mochiweb
    "Accept failed error"
    "{error,{tls_alert,{handshake_failure,\"TLS server: In state start at tls_server_connection_1_3.erl:686 generated SERVER ALERT: Fatal - Handshake Failure\\n unable_to_supply_acceptable_cert\"}}}"
```

Could be an issue with how the certificate was generated (it has an old signature algorithm). Looking at the included server cert with sha1WithRSAEncryption:

```
% openssl x509 -in ./support/test-materials/test_ssl_cert.pem -text -noout
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            92:e4:35:9c:c4:44:f2:14
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: CN=localhost
```

nickva and others added 2 commits September 22, 2023 12:07
 * Use latest patch levels for 24 and 25.
 * Add 26 to the list.

In Erlang 26 TLS `verify` option switched the default value from `verify_none`
to `verify_peer` [1]. So had to explicitly set it in the test client.

[1] https://www.erlang.org/blog/otp-26-highlights/#ssl-safer-defaults
nickva commented Sep 22, 2023

The updated certificate with Signature Algorithm: sha256WithRSAEncryption works. Thanks @etrepum!
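
The two problems in this thread (the OTP 26 `verify_peer` default and the SHA-1-signed test certificate) can be checked from Erlang as below. This is an added example, not code from this pull request or from mochiweb; the module and function names are hypothetical, and the `pinned` mode assumes the test server presents the same self-signed certificate that is passed as `cacertfile`.

```erlang
%% Added example, not mochiweb code. Module and function names are hypothetical.
-module(otp26_tls_check).
-export([client_opts/1, cert_digest/1, weak_signature/1, connect/3]).

-include_lib("public_key/include/public_key.hrl").

%% Client options for OTP 26+, where `verify` defaults to verify_peer and
%% verify_peer without CA certificates is rejected as incompatible options.
%%   {pinned, File}: keep verification on and trust only the test cert
%%                   (assumes the server presents that same self-signed cert).
%%   insecure:       explicit opt-out, for a local test server only.
client_opts({pinned, CertFile}) ->
    [{verify, verify_peer}, {cacertfile, CertFile}];
client_opts(insecure) ->
    [{verify, verify_none}].

%% Digest used to sign the first certificate in a PEM file, e.g.
%% sha for sha1WithRSAEncryption, sha256 for sha256WithRSAEncryption.
cert_digest(PemFile) ->
    {ok, Pem} = file:read_file(PemFile),
    Entries = public_key:pem_decode(Pem),
    case [Der || {'Certificate', Der, not_encrypted} <- Entries] of
        [] ->
            {error, no_certificate};
        [Der | _] ->
            Cert = public_key:pkix_decode_cert(Der, otp),
            SigAlg = Cert#'OTPCertificate'.signatureAlgorithm,
            Oid = SigAlg#'SignatureAlgorithm'.algorithm,
            {Digest, _SignType} = public_key:pkix_sign_types(Oid),
            {ok, Digest}
    end.

%% true when the certificate is signed with MD5 or SHA-1, the kind of
%% signature the handshake failure above was traced to.
weak_signature(PemFile) ->
    case cert_digest(PemFile) of
        {ok, Digest} -> lists:member(Digest, [md5, sha]);
        Error -> Error
    end.

%% Connect to a local test server; the ssl application must be started.
connect(Port, Mode, Timeout) ->
    ssl:connect("localhost", Port, client_opts(Mode), Timeout).
```

Running `weak_signature/1` over the test materials in CI turns a SHA-1-signed certificate into a test failure before it shows up as a handshake alert.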

etrepum (Member) left a comment

I added a script that generates a new self-signed cert which appears to work and will be good for whoever looks at this next so they can see how they were generated. I did get a test failure once but I can't reproduce it locally and it didn't reproduce when I restarted the build 🤷🏻‍♂️

@etrepum etrepum merged commit 4e5372e into mochi:main Sep 22, 2023
9 checks passed
nickva commented Sep 22, 2023

> I added a script that generates a new self-signed cert which appears to work and will be good for whoever looks at this next so they can see how they were generated.

Thank you. That worked. I also noticed the failure afterwards, but it seemed like an unrelated flaky test.

@nickva nickva deleted the update-ci-images branch September 22, 2023 19:27