I have a little escript file that connects to a node and does some rpc calls and stuff...
It works fine for short or longnames but relies on standard http comms for distributed Erlang.
I would like to use it but with https/SSL for distribution.
To start a 'normal' Erlang system with SSL you have to pass in the various flags to tell Erlang to run that way, as the documentation suggests:
$ ERL_FLAGS="-boot \"/home/me/ssl/start_ssl\" -proto_dist inet_ssl
-ssl_dist_opt client_certfile \"/home/me/ssl/erlclient.pem\"
-ssl_dist_opt server_certfile \"/home/me/ssl/erlserver.pem\"
-ssl_dist_opt verify 1 -ssl_dist_opt depth 1"
$ export ERL_FLAGS
$ erl -sname ssl_test
This replaces the default distribution mechanism (inet_tcp_dist) with the ssl one (inet_ssl_dist).
escript runs an erlang file as a shell scripting file.
My questions are:
You don't have to set these flags via the environment, you can also pass them directly to erl, see ch. 1.4 here. erl flags can be passed to escript via the %%! argument line.
z.escript
#!/usr/bin/env escript
%%! -boot start_ssl -proto_dist inet_ssl -ssl_dist_opt client_certfile /home/me/ssl/erlclient.pem -ssl_dist_opt server_certfile /home/me/ssl/erlserver.pem -ssl_dist_opt verify 1 -ssl_dist_opt depth 1
main(_) ->
io:format("~p~n", [init:get_arguments()]).
zed@zed:~$ ./z.escript
[{root,["/opt/erlang-R13B03/lib/erlang"]},
{progname,["erl"]},
{home,["/home/zed"]},
{boot,["start_clean"]},
{noshell,[]},
{boot,["start_ssl"]},
{proto_dist,["inet_ssl"]},
{ssl_dist_opt,["client_certfile","/home/me/ssl/erlclient.pem"]},
{ssl_dist_opt,["server_certfile","/home/me/ssl/erlserver.pem"]},
{ssl_dist_opt,["verify","1"]},
{ssl_dist_opt,["depth","1"]}]