We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
OTP 26 changed the default verify option value in the ssl:connect from verify_none to verify_peer: https://www.erlang.org/blog/otp-26-highlights/#ssl-safer-defaults
verify
ssl:connect
verify_none
verify_peer
This breaks most of the tsung SSL client code.
The final error looks like:
** Reason for termination == ** {badarg,[{erlang,atom_to_list, [{options,incompatible, [{verify,verify_peer},{cacerts,undefined}]}], [{error_info,#{module => erl_erts_errors}}]}, {ts_client,reconnect,5, [{file,"src/tsung/ts_client.erl"},{line,1057}]}, {ts_client,handle_next_request,2, [{file,"src/tsung/ts_client.erl"},{line,834}]}, {gen_fsm,handle_msg,8,[{file,"gen_fsm.erl"},{line,475}]}, {proc_lib,init_p_do_apply,3,[{file,"proc_lib.erl"},{line,241}]}]}
Here is a quick and dirty patch, to possibly fix the issue:
diff --git a/src/tsung/ts_bosh.erl b/src/tsung/ts_bosh.erl index 7ffc95d..aa1dd56 100644 --- a/src/tsung/ts_bosh.erl +++ b/src/tsung/ts_bosh.erl @@ -563,7 +563,7 @@ socket_connect(ssl, Host, Port, Options, Timeout) -> % {ok, S} = gen_tcp:connect(Host, Port, [{active, false}|ForConnection], Timeout), % ssl:connect(S, ForSSL, Timeout). % ?LOGF("Connect ~p", [ForSSL], ?ERR), - ssl:connect(Host, Port, [{ssl_imp, new}|Options], Timeout). + ssl:connect(Host, Port, [{ssl_imp, new}|Options] ++ [{verify, verify_none}], Timeout). socket_send(tcp, Socket, Data) -> diff --git a/src/tsung/ts_server_websocket_ssl.erl b/src/tsung/ts_server_websocket_ssl.erl index 2c4ef27..d224e30 100644 --- a/src/tsung/ts_server_websocket_ssl.erl +++ b/src/tsung/ts_server_websocket_ssl.erl @@ -60,7 +60,7 @@ connect(Host, Port, Opts, Timeout) -> Protocol = WSConfig#ws_config.subprotos, Origin = WSConfig#ws_config.origin, - case ssl:connect(Host, Port, opts_to_tcp_opts(TcpOpts),Timeout) of + case ssl:connect(Host, Port, opts_to_tcp_opts(TcpOpts) ++ [{verify, verify_none}],Timeout) of {ok, Socket} -> Pid = spawn_link( fun() -> diff --git a/src/tsung/ts_ssl.erl b/src/tsung/ts_ssl.erl index 6f90172..7cee106 100644 --- a/src/tsung/ts_ssl.erl +++ b/src/tsung/ts_ssl.erl @@ -37,10 +37,10 @@ connect(Host, Port, Opts) when is_list(Host) -> connect(Host, Port, opts_to_tcp_opts(Opts), infinity); connect(Socket, Opts, ConnectTimeout) -> - ssl:connect(Socket, opts_to_tcp_opts(Opts), ConnectTimeout). + ssl:connect(Socket, opts_to_tcp_opts(Opts) ++ [{verify, verify_none}], ConnectTimeout). connect(Host, Port, Opts, ConnectTimeout) -> - ssl:connect(Host, Port, opts_to_tcp_opts(Opts), ConnectTimeout). + ssl:connect(Host, Port, opts_to_tcp_opts(Opts) ++ [{verify, verify_none}], ConnectTimeout). connect(Socket, Opts) -> connect(Socket, Opts, infinity). diff --git a/src/tsung/ts_ssl6.erl b/src/tsung/ts_ssl6.erl index f0d5bf3..223b8aa 100644 --- a/src/tsung/ts_ssl6.erl +++ b/src/tsung/ts_ssl6.erl @@ -42,10 +42,10 @@ connect(Host, Port, Opts) when is_list(Host) -> connect(Host, Port, Opts, infinity); connect(Socket, Opts, ConnectTimeout) -> - ssl:connect(Socket, Opts, ConnectTimeout). + ssl:connect(Socket, Opts ++ [{verify, verify_none}], ConnectTimeout). connect(Host, Port, Opts, ConnectTimeout) -> - ssl:connect(Host, Port, Opts, ConnectTimeout). + ssl:connect(Host, Port, Opts ++ [{verify, verify_none}], ConnectTimeout). connect(Socket, Opts) -> connect(Socket, Opts, infinity). diff --git a/src/tsung_recorder/ts_proxy_http.erl b/src/tsung_recorder/ts_proxy_http.erl index ca23646..484809f 100644 --- a/src/tsung_recorder/ts_proxy_http.erl +++ b/src/tsung_recorder/ts_proxy_http.erl @@ -260,7 +260,7 @@ connect(Scheme, Host, Port)-> case Scheme of https -> {ok, _} = ssl:connect(Host,Port, - [{active, once}]); + [{active, once}] ++ [{verify, verify_none}]); _ -> {ok, _} = gen_tcp:connect(Host,Port, [{active, once},
The text was updated successfully, but these errors were encountered:
I have same problem.
Sorry, something went wrong.
No branches or pull requests
OTP 26 changed the default
verify
option value in thessl:connect
fromverify_none
toverify_peer
: https://www.erlang.org/blog/otp-26-highlights/#ssl-safer-defaultsThis breaks most of the tsung SSL client code.
The final error looks like:
Here is a quick and dirty patch, to possibly fix the issue:
The text was updated successfully, but these errors were encountered: