Hello, I’ve been working on an upgrade of Elixir in one of our applications, from Erlang 22.1.1, Elixir 1.9.4, to Erlang 23.1, Elixir 1.11.2. After deploying to a staging environment, it appears that everything is working, however we are getting some new :info level logs that we are a bit concerned about.
TLS :client: In state :certify at ssl_handshake.erl:1952 generated CLIENT ALERT: Fatal - Handshake Failure - {:bad_cert, :hostname_check_failed}
Here are some deps that we updated, cowboy is static on 2.8.0
library
from
to
hackney
1.15.2
1.16.0
rebar3
0.4.1
0.5.0
phoenix
1.4.17
1.5.6
phoenix_pubsub
1.1.2
2.0.0
plug
1.10.4
1.11.0
plug_cowboy
2.3.0
2.4.1
We don’t have phoenix configured for https as we have a separate load balancer taking care of ssl termination.
I’m thinking this error is coming from HTTPoison/Hackney, but I’m not entirely sure how to resolve it. Any ideas?
Thanks, I indeed had found that already and updated. My TLS requests are working, they’re just logging that :info level warning from the erlang module, so it’s not a fix unfortunately.
So it turns out that it was the new_relic_agent causing these. We were on 1.4.0, and upgrading to 1.22.2 seems to have resolved the errors we were seeing in staging.
I believe this was resolved in 1.18.0 of new_relic_agent, via #197, where they dropped the :ssl_verify_fun dependency, and instead rely on OTP > 21.0’s pkix_verify_hostname_match_fun\1