ssl_verify_fun_cert_helpers.erl

Questions / Help
,
1

mix compile results in the following:

mix compile
==> ssl_verify_fun
Compiling 7 files (.erl)
src/ssl_verify_fun_cert_helpers.erl:13:14: can't find include lib "public_key/include/public_key.hrl"
%   13| -include_lib("public_key/include/public_key.hrl").
%     |              ^

src/ssl_verify_fun_cert_helpers.erl:23:34: undefined macro 'id-ce-subjectAltName'
%   23|   AltSubject = select_extension(?'id-ce-subjectAltName', Extensions),
%     |                                  ^

src/ssl_verify_fun_cert_helpers.erl:9:2: function extract_dns_names/1 undefined
%    9| -export([extract_dns_names/1,
%     |  ^

src/ssl_verify_fun_cert_helpers.erl:19:2: spec for undefined function extract_dns_names/1
%   19| -spec extract_dns_names(Cert :: #'OTPCertificate'{}) -> [] | [string()].
%     |  ^

src/ssl_verify_fun_cert_helpers.erl:19:33: record 'OTPCertificate' undefined
%   19| -spec extract_dns_names(Cert :: #'OTPCertificate'{}) -> [] | [string()].
%     |                                 ^

src/ssl_verify_fun_cert_helpers.erl:32:26: record 'OTPCertificate' undefined
%   32| -spec extract_cn(Cert :: #'OTPCertificate'{}) -> {error, no_common_name} | {ok, string()} | {error, invalid}.
%     |                          ^

src/ssl_verify_fun_cert_helpers.erl:34:17: record 'OTPCertificate' undefined
%   34|   TBSCert = Cert#'OTPCertificate'.tbsCertificate,
%     |                 ^

src/ssl_verify_fun_cert_helpers.erl:35:32: record 'OTPTBSCertificate' undefined
%   35|   {rdnSequence, List} = TBSCert#'OTPTBSCertificate'.subject,
%     |                                ^

src/ssl_verify_fun_cert_helpers.erl:38:26: record 'OTPCertificate' undefined
%   38| -spec extract_pk(Cert :: #'OTPCertificate'{}) -> {error, no_common_name} | #'SubjectPublicKeyInfo'{}.
%     |                          ^

src/ssl_verify_fun_cert_helpers.erl:38:76: record 'SubjectPublicKeyInfo' undefined
%   38| -spec extract_pk(Cert :: #'OTPCertificate'{}) -> {error, no_common_name} | #'SubjectPublicKeyInfo'{}.
%     |                                                                            ^

src/ssl_verify_fun_cert_helpers.erl:40:17: record 'OTPCertificate' undefined
%   40|   TBSCert = Cert#'OTPCertificate'.tbsCertificate,
%     |                 ^

src/ssl_verify_fun_cert_helpers.erl:41:26: record 'OTPTBSCertificate' undefined
%   41|   PublicKeyInfo = TBSCert#'OTPTBSCertificate'.subjectPublicKeyInfo,
%     |                          ^

src/ssl_verify_fun_cert_helpers.erl:42:16: record 'OTPSubjectPublicKeyInfo' undefined
%   42|   PublicKeyInfo#'OTPSubjectPublicKeyInfo'.subjectPublicKey.
%     |                ^

src/ssl_verify_fun_cert_helpers.erl:48:24: record 'Extension' undefined
%   48| -spec extensions_list([#'Extension'{}] | asn1_NOVALUE) -> [] | [#'Extension'{}].
%     |                        ^

src/ssl_verify_fun_cert_helpers.erl:48:65: record 'Extension' undefined
%   48| -spec extensions_list([#'Extension'{}] | asn1_NOVALUE) -> [] | [#'Extension'{}].
%     |                                                                 ^

src/ssl_verify_fun_cert_helpers.erl:55:39: record 'Extension' undefined
%   55| -spec select_extension(Id :: term(), [#'Extension'{}]) -> undefined | #'Extension'{}.
%     |                                       ^

src/ssl_verify_fun_cert_helpers.erl:55:71: record 'Extension' undefined
%   55| -spec select_extension(Id :: term(), [#'Extension'{}]) -> undefined | #'Extension'{}.
%     |                                                                       ^

src/ssl_verify_fun_cert_helpers.erl:57:28: record 'Extension' undefined
%   57|   Matching = [Extension || #'Extension'{extnID = ExtId} = Extension <- Extensions, ExtId =:= Id],
%     |                            ^

src/ssl_verify_fun_cert_helpers.erl:57:84: variable 'ExtId' is unbound
%   57|   Matching = [Extension || #'Extension'{extnID = ExtId} = Extension <- Extensions, ExtId =:= Id],
%     |                                                                                    ^

src/ssl_verify_fun_cert_helpers.erl:75:15: record 'AttributeTypeAndValue' undefined
%   75| extract_cn2([[#'AttributeTypeAndValue'{type={2, 5, 4, 3},
%     |               ^

src/ssl_verify_fun_cert_helpers.erl:77:39: variable 'CN' is unbound
%   77|   ssl_verify_fun_encodings:get_string(CN);
%     |                                       ^

src/ssl_verify_fun_cert_helpers.erl:49:1: Warning: function extensions_list/1 is unused
%   49| extensions_list(E) ->
%     | ^

src/ssl_verify_fun_cert_helpers.erl:56:1: Warning: function select_extension/2 is unused
%   56| select_extension(Id, Extensions) ->
%     | ^

src/ssl_verify_fun_cert_helpers.erl:64:1: Warning: function extract_dns_names_from_alt_names/2 is unused
%   64| extract_dns_names_from_alt_names([ExtValue | Rest], Acc) ->
%     | ^

src/ssl_verify_hostname.erl:16:14: can't find include lib "public_key/include/public_key.hrl"
%   16| -include_lib("public_key/include/public_key.hrl").
%     |              ^

src/ssl_verify_fingerprint.erl:15:14: can't find include lib "public_key/include/public_key.hrl"
%   15| -include_lib("public_key/include/public_key.hrl").
%     |              ^

src/ssl_verify_hostname.erl:28:26: record 'OTPCertificate' undefined
%   28| -spec verify_fun(Cert :: #'OTPCertificate'{},
%     |                          ^

src/ssl_verify_hostname.erl:30:39: record 'Extension' undefined
%   30|                           {extension, #'Extension'{}}, InitialUserState :: term()) ->
%     |                                       ^

src/ssl_verify_hostname.erl:46:36: record 'OTPCertificate' undefined
%   46| -spec verify_cert_hostname(Cert :: #'OTPCertificate'{}, Hostname :: hostname()) ->
%     |                                    ^

src/ssl_verify_fingerprint.erl:27:26: record 'OTPCertificate' undefined
%   27| -spec verify_fun(Cert :: #'OTPCertificate'{},
%     |                          ^

src/ssl_verify_hostname.erl:76:38: record 'OTPCertificate' undefined
%   76|                              Cert :: #'OTPCertificate'{},
%     |                                      ^

src/ssl_verify_fingerprint.erl:29:39: record 'Extension' undefined
%   29|                           {extension, #'Extension'{}}, InitialUserState :: term()) ->
%     |                                       ^

src/ssl_verify_fingerprint.erl:52:39: record 'OTPCertificate' undefined
%   52| -spec verify_cert_fingerprint(Cert :: #'OTPCertificate'{}, Fingerprint :: fingerprint()) ->
%     |                                       ^

src/ssl_verify_pk.erl:14:14: can't find include lib "public_key/include/public_key.hrl"
%   14| -include_lib("public_key/include/public_key.hrl").
%     |              ^

src/ssl_verify_pk.erl:26:26: record 'OTPCertificate' undefined
%   26| -spec verify_fun(Cert :: #'OTPCertificate'{},
%     |                          ^

src/ssl_verify_pk.erl:28:39: record 'Extension' undefined
%   28|                           {extension, #'Extension'{}}, InitialUserState :: term()) ->
%     |                                       ^

src/ssl_verify_pk.erl:51:30: record 'OTPCertificate' undefined
%   51| -spec verify_cert_pk(Cert :: #'OTPCertificate'{}, Pk :: pk()) ->
%     |                              ^

could not compile dependency :ssl_verify_fun, "mix compile" failed. Errors may have been logged above. You can recompile this dependency with "mix deps.compile ssl_verify_fun", update it with "mix deps.update ssl_verify_fun" or clean it with "mix deps.clean ssl_verify_fun"

I tried to upgrade my erlang-dev which didn’t work out for me. This project runs on another ubuntu, please help.

2

It looks like the public_key application is not installed. Some Linux distros let you install a subset of Erlang/OTP by selecting individual applications/bundles starting from a minimal erlang-base. To get public_key you’d have to install the erlang-public-key package.

I would recommend you install the entire OTP application suite, as most Erlang applications assume that everything that’s part of the standard distribution is available. If other applications are missing you’re likely to run into similar issues, sometimes with even more cryptic error messages.

3

With sudo apt upgrade erlang-public-key I got:
“erlang-public-key is already the newest version (1:24.2.1+dfsg-1ubuntu0.1)” and it still throws the same errors when trying mix compile.
I also tried sudo apt full-upgrade erlang-src

4

Depending on how you installed erlang, for example if you compiled it from source with asdf manager, then you will have to install your missing packages and recompile OTP.

From my side it seems that you might be missing OpenSSL, check when OTP is compiled that packages like public_key and crypto are not showed in the list of packages that are not installed.

5

Ah, I believe the issue is related to Elixir 1.15’s selective inclusion of applications in the load path during compilation. The Mix file of ssl_verify_fun does not state that it depends on public_key. There is an open issue about that: Include application specification for mix.exs by josevalim · Pull Request #27 · deadtrickster/ssl_verify_fun.erl · GitHub

I guess on your other machine you are using an older version of Elixir.

As a workaround you can add prune_code_paths: false to your mix project config. Alternatively you can define the ssl_verify_fun to use Rebar3 as the build tool: {:ssl_verify_fun, "~> 1.1", manager: :rebar3}.

3 Likes
6

Okay, so prune_code_paths: false allows compilation, but now my front-end is inoperative, mix phx.server and throws warnings like:

mix phx.server
warning: the :phoenix compiler is no longer required in your mix.exs.

Please find the following line in your mix.exs and remove the :phoenix entry:

    compilers: [..., :phoenix, ...] ++ Mix.compilers(),

  (phoenix 1.7.2) lib/mix/tasks/compile.phoenix.ex:8: Mix.Tasks.Compile.Phoenix.run/1
  (mix 1.15.0-dev) lib/mix/task.ex:406: anonymous fn/3 in Mix.Task.run_task/4
  (mix 1.15.0-dev) lib/mix/tasks/compile.all.ex:124: Mix.Tasks.Compile.All.run_compiler/2
  (mix 1.15.0-dev) lib/mix/tasks/compile.all.ex:104: Mix.Tasks.Compile.All.compile/4
  (mix 1.15.0-dev) lib/mix/tasks/compile.all.ex:93: Mix.Tasks.Compile.All.with_logger_app/2
  (mix 1.15.0-dev) lib/mix/tasks/compile.all.ex:56: Mix.Tasks.Compile.All.run/1

adding {:ssl_verify_fun, "~> 1.1", manager: :rebar3} to my dependencies will result in an error:

Unchecked dependencies for environment dev:
* ssl_verify_fun (Hex package)
  the dependency ssl_verify_fun in mix.exs is overriding a child dependency:

  > In mix.exs:
    {:ssl_verify_fun, "~> 1.1", [env: :prod, hex: "ssl_verify_fun", repo: "hexpm"]}

  > In deps/hackney/rebar.config:
    {:ssl_verify_fun, "~> 1.1.0", [env: :prod, hex: "ssl_verify_fun", repo: "hexpm", optional: false]}

  Ensure they match or specify one of the above in your deps and set "override: true"
** (Mix) Can't continue due to errors on dependencies
7

warning: the :phoenix compiler is no longer required in your mix.exs.

This warning should not impact your application, and it is not related to the ssl_verify_fun or prune_code_paths: false in any way. You can suppress the warning by making the changes in your mix.exs as described there. If there is a problem running your application there must be another reason.

Unchecked dependencies for environment dev:

You should be able to use {:ssl_verify_fun, "~> 1.1", manager: :rebar3, override: true} in your dependencies to override the dependency parameters specified by Hackney.