- Clone
https://github.com/michaelklishin/tls-gen.git
- Do the following:
cd tls-gen/basic make
- Start TLS/SSL server:
Note: ensure Erlang is in your PATH
. Edit repro
so that the cacertfile
, certfile
and keyfile
paths are all valid.
./repro
- Connect a client:
cd tls-gen/basic/result
openssl s_client -connect localhost:4000 \
-cert ./client_certificate.pem \
-key ./client_key.pem \
-CAfile ./ca_certificate.pem \
-verify 8
Notice that connection succeeds.
- Change options
Edit repro
so that the cacertfile
path is invalid, something like this:
{cacertfile, "/FOOBAR/michaelklishin/tls-gen/basic/result/ca_certificate.pem"},
-
Re-start the server with
./repro
-
Connect a client:
cd tls-gen/basic/result
openssl s_client -connect localhost:4000 \
-cert ./client_certificate.pem \
-key ./client_key.pem \
-CAfile ./ca_certificate.pem \
-verify 8
Notice that the server throws the following error:
[ERROR] exit : {{function_clause,
[{tls_connection,gen_handshake,
[error,
{call,{<0.5.0>,#Ref<0.2501599645.817364995.145871>}},
{new_user,<0.84.0>},
{{options,
{cacertfile,
"/FOOBAR/home/lbakken/development/michaelklishin/tls-gen/basic/result/ca_certificate.pem",
{error,enoent}}},
After applying the most recent patch to a master
build of Erlang, and running ./repro
with the invalid cacertfile
option, the following is output, which is the same as what is output with Erlang 19.3
:
lbakken@shostakovich ~/development/erlang/builds/master-ERL-539/otp_src_git (master *%=)
$ bin/escript /home/lbakken/issues/erlang/ERL-539/gist/repro
=ERROR REPORT==== 3-Jan-2018::12:57:19 ===
Error in process <0.83.0> on node 'ERL539@localhost' with exit value:
{{badmatch,
{error,
{options,
{cacertfile,
"/FOOBAR/home/lbakken/development/michaelklishin/tls-gen/basic/result/ca_certificate.pem",
{error,enoent}}}}},
[{erl_eval,expr,3,[]}]}