Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update Erlang CI images #261

Merged
merged 2 commits into from
Sep 22, 2023
Merged

Update Erlang CI images #261

merged 2 commits into from
Sep 22, 2023

Conversation

nickva
Copy link
Collaborator

@nickva nickva commented Sep 22, 2023

  • Use latest patch levels for 24 and 25.
  • Add 26 to the list.

@nickva
Copy link
Collaborator Author

nickva commented Sep 22, 2023

Seeing

in call from eunit_proc:with_timeout/3 (eunit_proc.erl, line 346)
**error:{badmatch,
    {'EXIT',
        {{badmatch,
             {error,
                 {options,incompatible,
                     [{verify,verify_peer},{cacerts,undefined}]}}},

From https://www.erlang.org/blog/otp-26-highlights/#ssl-safer-defaults

@nickva
Copy link
Collaborator Author

nickva commented Sep 22, 2023

Trying to pass {verify, verify_none} showed another error:

=ERROR REPORT==== 22-Sep-2023::16:16:05.580047 ===
    application: mochiweb
    "Accept failed error"
    "{error,{tls_alert,{handshake_failure,\"TLS server: In state start at tls_server_connection_1_3.erl:686 generated SERVER ALERT: Fatal - Handshake Failure\\n unable_to_supply_acceptable_cert\"}}}"

Could be an issue with the how the certificate was generated (has is old signature algorithm). Looking at included server cert with sha1WithRSAEncryption:

% openssl x509 -in ./support/test-materials/test_ssl_cert.pem -text -noout
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            92:e4:35:9c:c4:44:f2:14
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: CN=localhost

nickva and others added 2 commits September 22, 2023 12:07
 * Use latest patch levels for 24 and 25.
 * Add 26 to the list.

In Erlang 26 TLS `verify` option switched the default value from `verify_none`
to `verify_peer` [1]. So had to explictly set it in the test client.

[1] https://www.erlang.org/blog/otp-26-highlights/#ssl-safer-defaults
@nickva
Copy link
Collaborator Author

nickva commented Sep 22, 2023

The updated certificate with Signature Algorithm: sha256WithRSAEncryption works. Thanks @etrepum!

Copy link
Member

@etrepum etrepum left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I added a script that generates a new self-signed cert which appears to work and will be good for whoever looks at this next so they can see how they were generated. I did get a test failure once but I can't reproduce it locally and it didn't reproduce when I restarted the build 🤷🏻‍♂️

@etrepum etrepum merged commit 4e5372e into mochi:main Sep 22, 2023
@nickva
Copy link
Collaborator Author

nickva commented Sep 22, 2023

I added a script that generates a new self-signed cert which appears to work and will be good for whoever looks at this next so they can see how they were generated.

Thank you. That worked. I also noticed the failure afterwards, but It seemed like an unrelated flaky test.

@nickva nickva deleted the update-ci-images branch September 22, 2023 19:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants