fwoodruff

fwoodruff

How do I get my bare bones TLS server-client connection to work?

I’m working on a toy networking project and I want to add a TLS layer between the server and the client. I’m getting handshake errors that I’m trying to figure out how to debug.

The TL;DR is probably: ‘what arguments do I pass to :ssl.listen/2’ but here is the minimal example.

First I create a new project with mix new tls_question.

I have added :crypto and :ssl to mix.exs like so:

def application do
    [
      extra_applications: [:logger, :crypto, :ssl]
    ]
end

I have then generated an SSL certificate with

openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -sha256 -days 365

and moved key.pem and cert.pem into the project folder.

I then have the following minimal program

defmodule TlsQuestion do
  @ip {127,0,0,1}
  @port 4343
  def main do
    :ssl.start()
    {:ok, listen_socket} = :ssl.listen(@port,
      [ certs_keys: [
          keyfile: "key.pem",
          certfile: "cert.pem",
          password: "CorrectHorseBatteryStaple"
        ],
        reuseaddr: true
      ])
    spawn(fn -> client() end)
    {:ok, accept_socket} = :ssl.transport_accept(listen_socket)
    {:ok, accept_socket} = :ssl.handshake(accept_socket)
    :ssl.send(accept_socket, "some bytes")
  end
  def client() do
    {:ok, connect_socket} = :ssl.connect(@ip, @port,
                              [verify: :verify_peer,
                              cacertfile: "cert.pem",
                              active: :once], :infinity)
    _message = :ssl.recv(connect_socket, 0)
  end
end
TlsQuestion.main()

From which I call mix run.

The error message might be enlightening for some but hasn’t helped me

== Compilation error in file lib/tls_question.ex ==
** (exit) exited in: :gen_statem.call(#PID<0.164.0>, {:start, :infinity}, :infinity)
    ** (EXIT) an exception was raised:
        ** (FunctionClauseError) no function clause matching in :ssl_config.key_conf/1
            (ssl 10.8.7) ssl_config.erl:181: :ssl_config.key_conf({:keyfile, "key.pem"})
            (ssl 10.8.7) ssl_config.erl:72: :ssl_config.cert_key_pair/3
            (stdlib 4.2) lists.erl:1315: :lists.map/2
            (ssl 10.8.7) ssl_config.erl:56: :ssl_config.init_certs_keys/3
            (ssl 10.8.7) ssl_config.erl:51: :ssl_config.init/2
            (ssl 10.8.7) ssl_gen_statem.erl:164: :ssl_gen_statem.ssl_config/3
            (ssl 10.8.7) tls_connection.erl:150: :tls_connection.init/1
            (stdlib 4.2) proc_lib.erl:240: :proc_lib.init_p_do_apply/3
    (stdlib 4.2) gen.erl:243: :gen.do_call/4
    (stdlib 4.2) gen_statem.erl:900: :gen_statem.call_dirty/4
    (ssl 10.8.7) ssl_gen_statem.erl:1239: :ssl_gen_statem.call/2
    (ssl 10.8.7) ssl_gen_statem.erl:234: :ssl_gen_statem.handshake/2
    lib/tls_question.ex:16: TlsQuestion.main/0

It looks like it’s complaining about something I’m doing with the certificate and key files?

I’ve passed the certificate to the client as the CA certificate chain (since a self-signed certificate is its own certificate chain). Could that be the issue?

Most Liked

fwoodruff

fwoodruff

Thanks! I thought I’d tried that but this is the answer.

Where Next?

Popular in Questions Top

9mm
I am constructing a JSON object (map) and I need to conditionally set a field. I’m trying to write proper elixir-way code… and I’m at a l...
New
mcarvalho
What is the difference between System.get_env and Application.get_env? For example, what are best practices to use one versus another.
New
greenz1
I have a phoenix application from which a user can download multiple(5-6) files of size 1MB. I couldn’t find anything related to sending ...
New
stefanchrobot
What’s the safe way to decode a JSON string into a struct? I want to avoid calling String.to_atom. Jason.decode can give me a map with st...
New
fayddelight
I tried installing elixir 1.11.2 erlang 23.3.4 via asdf in my zsh shell. Enabled the versions locally and globally. When I list them ...
New
Qqwy
Original source of discussion: This topic on the Pragmatic Programmers’ Functional Web Development with Elixir, OTP, and Phoenix forum. ...
New
bsollish-terakeet
Credo is smart enough to check for (something like) this: assert length(the_list) == 0 with this response: Checking if an enum is empt...
New
komlanvi
Hi everyone, I was playing with phoenix liveView but I run into an issue. I have a form and want to validate each input text when the te...
New
dotdotdotPaul
Okay, I’m having a heck of a time trying to figure out how to best handle the validation of belongs_to associations in Ecto. I’m sure I’...
New
openscript
Hello! Sorry for this astonishing simple question, but I’m really stuck. I try to set up the intellij-elixir plugin, but I don’t know ho...
New

Other popular topics Top

danschultzer
None of the current solutions worked well for me, so I went ahead and built a user management system from scratch. This project took far...
548 29377 241
New
vertexbuffer
Hello, can anybody help here..? I have a list of players and I what to delete an element, but every for loop the list is reverting to ori...
New
senggen
Erlang/OTP 25 [erts-13.2.2] [source] [64-bit] [smp:8:8] [ds:8:8:10] [async-threads:1] 15:22:35.803 [error] gen_event {lager_file_backend...
New
chrismccord
As promised, the first release candidate of Phoenix 1.3.0 is out! This release focuses on code generators with improved project structure...
New
shahryarjb
Hello, I have map which I want to convert it to string like this: the map: %{last_name: "tavakkoli", name: "shahryar"} the string I ne...
New
msaraiva
Surface is an experimental library built on top of Phoenix LiveView and its new LiveComponent API that aims to provide a more declarative...
564 43622 214
New
JakeBecker
TL;DR: I’ve just released an implementation of Microsoft’s IDE-independent Language Server Protocol for Elixir. It adds language support ...
1144 53690 245
New
AngeloChecked
What learn first? Rust or Elixir Hi Elixir community! I’m here because i want learn a new language. I’m a junior developer and mainly i ...
New
dokuzbir
I want to highlight html closing tags when i click a html tag. That works in .html files but doesnt work for html.eex templates. How can...
New
AstonJ
Seen any cool LiveView demos, sample apps or examples? Please post them here! :003:
New

We're in Beta

About us Mission Statement