
Erlang OTP 26 ssl defaults #405

@tzirechnoy

Description

@tzirechnoy

OTP 26 changed the default value of the verify option in ssl:connect from verify_none to verify_peer: https://www.erlang.org/blog/otp-26-highlights/#ssl-safer-defaults

This breaks most of the tsung SSL client code.

The final error looks like:

** Reason for termination ==
** {badarg,[{erlang,atom_to_list,
                    [{options,incompatible,
                              [{verify,verify_peer},{cacerts,undefined}]}],
                    [{error_info,#{module => erl_erts_errors}}]},
            {ts_client,reconnect,5,
                       [{file,"src/tsung/ts_client.erl"},{line,1057}]},
            {ts_client,handle_next_request,2,
                       [{file,"src/tsung/ts_client.erl"},{line,834}]},
            {gen_fsm,handle_msg,8,[{file,"gen_fsm.erl"},{line,475}]},
            {proc_lib,init_p_do_apply,3,[{file,"proc_lib.erl"},{line,241}]}]}

Here is a quick and dirty patch, to possibly fix the issue:

diff --git a/src/tsung/ts_bosh.erl b/src/tsung/ts_bosh.erl
index 7ffc95d..aa1dd56 100644
--- a/src/tsung/ts_bosh.erl
+++ b/src/tsung/ts_bosh.erl
@@ -563,7 +563,7 @@ socket_connect(ssl, Host, Port, Options, Timeout) ->
 %    {ok, S} = gen_tcp:connect(Host, Port, [{active, false}|ForConnection], Timeout),
 %    ssl:connect(S, ForSSL, Timeout).
 %   ?LOGF("Connect ~p", [ForSSL], ?ERR),
-     ssl:connect(Host, Port, [{ssl_imp, new}|Options], Timeout).
+     ssl:connect(Host, Port, [{ssl_imp, new}|Options] ++ [{verify, verify_none}], Timeout).
 
 
 socket_send(tcp, Socket, Data) ->
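Review bot: The appended `{verify, verify_none}` switches off server certificate verification for every TLS connection made through `socket_connect(ssl, ...)`, with no way for a scenario to opt back in, so a connection that passes through an intercepting host would go unnoticed. The same unconditional append appears in the hunks for ts_server_websocket_ssl.erl, ts_ssl.erl, ts_ssl6.erl and ts_proxy_http.erl. Adding the option only when the caller has not set one keeps the pre-OTP-26 behaviour as the default while still honouring a supplied `verify`/`cacerts` pair, e.g. `SslOpts = case lists:keymember(verify, 1, Options) of true -> Options; false -> [{verify, verify_none} | Options] end`. How ssl resolves a duplicated `verify` key is not visible here, so relying on the position of the appended entry is fragile. The body of socket_connect starts outside this hunk.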
diff --git a/src/tsung/ts_server_websocket_ssl.erl b/src/tsung/ts_server_websocket_ssl.erl
index 2c4ef27..d224e30 100644
--- a/src/tsung/ts_server_websocket_ssl.erl
+++ b/src/tsung/ts_server_websocket_ssl.erl
@@ -60,7 +60,7 @@ connect(Host, Port, Opts, Timeout) ->
     Protocol = WSConfig#ws_config.subprotos,
     Origin = WSConfig#ws_config.origin,
 
-    case ssl:connect(Host, Port, opts_to_tcp_opts(TcpOpts),Timeout) of
+    case ssl:connect(Host, Port, opts_to_tcp_opts(TcpOpts) ++ [{verify, verify_none}],Timeout) of
         {ok, Socket} ->
             Pid = spawn_link(
                     fun() ->
diff --git a/src/tsung/ts_ssl.erl b/src/tsung/ts_ssl.erl
index 6f90172..7cee106 100644
--- a/src/tsung/ts_ssl.erl
+++ b/src/tsung/ts_ssl.erl
@@ -37,10 +37,10 @@ connect(Host, Port, Opts) when is_list(Host) ->
     connect(Host, Port, opts_to_tcp_opts(Opts), infinity);
 
 connect(Socket, Opts, ConnectTimeout) ->
-    ssl:connect(Socket, opts_to_tcp_opts(Opts), ConnectTimeout).
+    ssl:connect(Socket, opts_to_tcp_opts(Opts) ++ [{verify, verify_none}], ConnectTimeout).
 
 connect(Host, Port, Opts, ConnectTimeout) ->
-    ssl:connect(Host, Port, opts_to_tcp_opts(Opts), ConnectTimeout).
+    ssl:connect(Host, Port, opts_to_tcp_opts(Opts) ++ [{verify, verify_none}], ConnectTimeout).
 
 connect(Socket, Opts) ->
     connect(Socket, Opts, infinity).
diff --git a/src/tsung/ts_ssl6.erl b/src/tsung/ts_ssl6.erl
index f0d5bf3..223b8aa 100644
--- a/src/tsung/ts_ssl6.erl
+++ b/src/tsung/ts_ssl6.erl
@@ -42,10 +42,10 @@ connect(Host, Port, Opts) when is_list(Host) ->
     connect(Host, Port, Opts, infinity);
 
 connect(Socket, Opts, ConnectTimeout) ->
-    ssl:connect(Socket, Opts, ConnectTimeout).
+    ssl:connect(Socket, Opts ++ [{verify, verify_none}], ConnectTimeout).
 
 connect(Host, Port, Opts, ConnectTimeout) ->
-    ssl:connect(Host, Port, Opts, ConnectTimeout).
+    ssl:connect(Host, Port, Opts ++ [{verify, verify_none}], ConnectTimeout).
 
 connect(Socket, Opts) ->
     connect(Socket, Opts, infinity).
diff --git a/src/tsung_recorder/ts_proxy_http.erl b/src/tsung_recorder/ts_proxy_http.erl
index ca23646..484809f 100644
--- a/src/tsung_recorder/ts_proxy_http.erl
+++ b/src/tsung_recorder/ts_proxy_http.erl
@@ -260,7 +260,7 @@ connect(Scheme, Host, Port)->
     case Scheme of
         https ->
             {ok, _} = ssl:connect(Host,Port,
-                                 [{active, once}]);
+                                 [{active, once}] ++ [{verify, verify_none}]);
         _  ->
             {ok, _} = gen_tcp:connect(Host,Port,
                                       [{active, once},
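Review bot: In the `https` branch the option list is a literal, so there is no caller-supplied setting at all and the recorder will accept any certificate from the upstream host it connects to; traffic captured through it may include credentials, which presumably makes verification matter more here than in the load-generating clients. If verification has to stay off, `[{active, once}, {verify, verify_none}]` reads better than concatenating two literal lists, and a comment such as `%% OTP 26 defaults to verify_peer; no CA store is configured, so peer verification is disabled` should record why. The enclosing connect/3 continues past the end of this hunk.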
