Skip to content

Instantly share code, notes, and snippets.

@rnewson
Created March 26, 2016 17:03
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
Star You must be signed in to star a gist
Save rnewson/2839d2b4f9047547949f to your computer and use it in GitHub Desktop.
Use TLS for erlang distribution (RSA or ECC)
commit eb3560777d70049fb86ef21d09856e3afbb7fdf7
Author: Robert Newson <rnewson@apache.org>
Date: 2016-03-26 16:42:48 +0000
Use TLS for erlang distribution
diff --git a/Makefile b/Makefile
index cefc5da..04eb284 100644
--- a/Makefile
+++ b/Makefile
@@ -63,7 +63,7 @@ help:
.PHONY: couch
# target: couch - Build CouchDB core
-couch: config.erl
+couch: config.erl crypto
@COUCHDB_VERSION=$(COUCHDB_VERSION) $(REBAR) compile
@cp src/couch/priv/couchjs bin/
@@ -336,6 +336,27 @@ uninstall:
@rm -rf $(DESTDIR)/$(man_dir)
@rm -rf $(DESTDIR)/$(info_dir)
+################################################################################
+# Crypto Goop
+################################################################################
+
+crypto: rsa_bundle.pem ecc_bundle.pem
+
+%_bundle.pem: %_cert.pem
+ cat $*_cert.pem $*_key.pem > $*_bundle.pem
+
+%_cert.pem: %_key.pem %_csr.pem
+ openssl req -x509 -days 99999 -key $*_key.pem -in $*_csr.pem -out $@
+
+%_csr.pem: %_key.pem
+ openssl req -new -key $< -out $@ -subj "/O=The Apache Software Foundation/OU=Infrastructure/CN=*.couchdb.org"
+
+rsa_key.pem:
+ openssl genrsa -out rsa_key.pem 2048
+
+ecc_key.pem:
+ openssl ecparam -genkey -name prime256v1 -out ecc_key.pem
+
################################################################################
# Misc
diff --git a/dev/run b/dev/run
index d2705f7..8ce759c 100755
--- a/dev/run
+++ b/dev/run
@@ -369,6 +369,10 @@ def boot_node(ctx, node):
reldir = os.path.join(ctx['rootdir'], "rel")
cmd = [
"erl",
+ "-proto_dist", "inet_tls",
+ "-ssl_dist_opt", "server_certfile", os.path.join(ctx['rootdir'], "ecc_bundle.pem"),
+ "-ssl_dist_opt", "server_secure_renegotiate", "true",
+ "-ssl_dist_opt", "client_secure_renegotiate", "true",
"-args_file", os.path.join(node_etcdir, "vm.args"),
"-config", os.path.join(reldir, "files", "sys"),
"-couch_ini",
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment