From 6f68901d8df9538d44574040f1faef12346df92b Mon Sep 17 00:00:00 2001
From: Raimo Niskanen
Date: Wed, 29 Nov 2017 10:28:31 +0100
Subject: Use -ssl_dist_optfile options
---
 lib/ssl/src/inet_tls_dist.erl | 11 +++++++++++
 1 file changed, 11 insertions(+)
(limited to 'lib/ssl/src/inet_tls_dist.erl')
diff --git a/lib/ssl/src/inet_tls_dist.erl b/lib/ssl/src/inet_tls_dist.erl
index 96782dcfc0..d9468aba1e 100644
--- a/lib/ssl/src/inet_tls_dist.erl
+++ b/lib/ssl/src/inet_tls_dist.erl
@@ -524,6 +524,17 @@ nodelay() ->
 get_ssl_options(Type) ->
+ try ets:lookup(ssl_dist_opts, Type) of
+ [{Type, Opts}] ->
+ [{erl_dist, true} | Opts];
+ _ ->
+ get_ssl_dist_arguments(Type)
+ catch
+ error:badarg ->
+ get_ssl_dist_arguments(Type)
+ end.
+
+get_ssl_dist_arguments(Type) ->
 case init:get_argument(ssl_dist_opt) of
 {ok, Args} ->
 [{erl_dist, true} | ssl_options(Type, lists:append(Args))];
-- cgit v1.2.3
From 2fcb213117670bad6a9009caef8ced5b6397fdb2 Mon Sep 17 00:00:00 2001
From: Raimo Niskanen
Date: Wed, 29 Nov 2017 10:42:48 +0100
Subject: Use SNI when connecting
---
 lib/ssl/src/inet_tls_dist.erl | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
(limited to 'lib/ssl/src/inet_tls_dist.erl')
diff --git a/lib/ssl/src/inet_tls_dist.erl b/lib/ssl/src/inet_tls_dist.erl
index d9468aba1e..639ae43131 100644
--- a/lib/ssl/src/inet_tls_dist.erl
+++ b/lib/ssl/src/inet_tls_dist.erl
@@ -357,7 +357,11 @@ do_setup(Driver, Kernel, Node, Type, MyNode, LongOrShortNames, SetupTime) ->
 ErlEpmd = net_kernel:epmd_module(),
 case ErlEpmd:port_please(Name, Ip) of
 {port, TcpPort, Version} ->
- Opts = trace(connect_options(get_ssl_options(client))),
+ Opts =
+ trace(
+ connect_options(
+ [{server_name_indication, atom_to_list(Node)}
+ |get_ssl_options(client)])),
 dist_util:reset_timer(Timer),
 case ssl:connect(
 Address, TcpPort,
-- cgit v1.2.3
From e6be253c9968f71038347b25a157c1c01080e95f Mon Sep 17 00:00:00 2001
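Review bot: In the `-ssl_dist_optfile` commit, both the `_ ->` clause and the `error:badarg` handler of get_ssl_options/1 fall back to get_ssl_dist_arguments/1 silently, so a missing `ssl_dist_opts` table and a table with no entry for `Type` look the same as "no option file was given". How the table is filled is not visible in this diff, but if the option file is where the `verify` and `cacertfile` settings live, a load failure or a file that defines only one of client/server would leave that side running on the `-ssl_dist_opt` arguments alone. The precedence also means `-ssl_dist_opt` is ignored entirely once an entry exists, and neither rule is stated in the hunk. I would add a comment above the function, e.g. `%% Options from -ssl_dist_optfile (ets table ssl_dist_opts) take precedence; -ssl_dist_opt is used only when the table or the Type entry is absent.` The body of get_ssl_dist_arguments/1 continues past the end of the hunk.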
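Review bot: In the SNI commit, `{server_name_indication, atom_to_list(Node)}` in do_setup passes the whole node name, `name@host`, where the option expects a host name. With peer verification enabled, ssl also uses the SNI value for the certificate host name check, so a certificate issued for the host would be compared against a string that still contains `name@`. `Address`, which the same function passes to `ssl:connect` a few lines below, looks like the host part and is the value I would expect here: `[{server_name_indication, Address} | get_ssl_options(client)]`. Because the tuple is prepended, it presumably also shadows any `server_name_indication` the operator put in the distribution options, which deserves a comment if intended. do_setup starts and ends outside the hunk.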
From: Raimo Niskanen
Date: Wed, 29 Nov 2017 11:20:17 +0100
Subject: Polish SSL distribution
---
 lib/ssl/src/inet_tls_dist.erl | 47 +++++++++++++++++++++----------------------
 1 file changed, 23 insertions(+), 24 deletions(-)
(limited to 'lib/ssl/src/inet_tls_dist.erl')
diff --git a/lib/ssl/src/inet_tls_dist.erl b/lib/ssl/src/inet_tls_dist.erl
index 639ae43131..8e605bec65 100644
--- a/lib/ssl/src/inet_tls_dist.erl
+++ b/lib/ssl/src/inet_tls_dist.erl
@@ -324,12 +324,13 @@ do_accept(Driver, Kernel, AcceptPid, DistCtrl, MyNode, Allowed, SetupTime) ->
 timer = Timer,
 this_flags = 0,
 allowed = Allowed},
+ link(DistCtrl),
 dist_util:handshake_other_started(trace(HSData));
 {false,IP} ->
 error_logger:error_msg( "** Connection attempt from " "disallowed IP ~w ** ~n", [IP]),
- ?shutdown(trace(no_node))
+ ?shutdown2(no_node, trace({disallowed, IP}))
 end
 end.
@@ -382,21 +383,26 @@ do_setup(Driver, Kernel, Node, Type, MyNode, LongOrShortNames, SetupTime) ->
 this_flags = 0,
 other_version = Version,
 request_type = Type},
+ link(DistCtrl),
 dist_util:handshake_we_started(trace(HSData));
 Other ->
 %% Other Node may have closed since
 %% port_please !
 ?shutdown2(
 Node,
- trace({shutdown, {connect_failed, Other}}))
+ trace(
+ {ssl_connect_failed, Ip, TcpPort, Other}))
 end;
 Other ->
 ?shutdown2(
 Node,
- trace({shutdown, {port_please_failed, Other}}))
+ trace(
+ {port_please_failed, ErlEpmd, Name, Ip, Other}))
 end;
 Other ->
- ?shutdown2(Node, trace({shutdown, {getaddr_failed, Other}}))
+ ?shutdown2(
+ Node,
+ trace({getaddr_failed, Driver, Address, Other}))
 end.
 close(Socket) ->
@@ -415,8 +421,9 @@ check_ip(Driver, SslSocket) ->
 case get_ifs(SslSocket) of
 {ok, IFs, IP} ->
 check_ip(Driver, IFs, IP);
- _ ->
- ?shutdown(no_node)
+ Other ->
+ ?shutdown2(
+ no_node, trace({check_ip_failed, SslSocket, Other}))
 end;
 _ ->
 true
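Review bot: The exit reasons changed by this commit are no longer shutdown-shaped: do_accept goes from `?shutdown(trace(no_node))` to `?shutdown2(no_node, trace({disallowed, IP}))`, do_setup drops the `{shutdown, ...}` wrapper in all three failure branches, and check_ip, splitnode and check_node (later hunks) follow the same pattern. The macros are defined outside this diff, so this is inferred: if `?shutdown2` exits with the given term, linked processes and report handlers will treat every rejected inbound connection or failed outbound attempt as an abnormal exit. Keeping the detail inside the wrapper, e.g. `trace({shutdown, {ssl_connect_failed, Ip, TcpPort, Other}})`, would preserve the exit class; if the change is deliberate, a one-line comment saying so would help. All the functions touched extend beyond their hunks.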
@@ -445,23 +452,22 @@ get_ifs(#sslsocket{fd = {gen_tcp, Socket, _}}) ->
 %% If Node is illegal terminate the connection setup!!
 splitnode(Driver, Node, LongOrShortNames) ->
- case split_node(atom_to_list(Node), $@, []) of
- [Name|Tail] when Tail =/= [] ->
- Host = lists:append(Tail),
+ case string:split(atom_to_list(Node), "@") of
+ [Name, Host] when Host =/= [] ->
 check_node(Driver, Name, Node, Host, LongOrShortNames);
 [_] ->
 error_logger:error_msg( "** Nodename ~p illegal, no '@' character **~n", [Node]),
- ?shutdown(Node);
+ ?shutdown2(Node, trace({illegal_node_n@me, Node}));
 _ ->
 error_logger:error_msg( "** Nodename ~p illegal **~n", [Node]),
- ?shutdown(Node)
+ ?shutdown2(Node, trace({illegal_node_name, Node}))
 end.
 check_node(Driver, Name, Node, Host, LongOrShortNames) ->
- case split_node(Host, $., []) of
+ case string:split(Host, ".") of
 [_] when LongOrShortNames == longnames ->
 case Driver:parse_address(Host) of
 {ok, _} ->
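Review bot: `string:split/2` splits only at the first `@`, so in splitnode `[Name, Host] when Host =/= []` accepts an empty `Name` (`@host`) and a `Host` that still contains `@`, which is then handed to check_node. split_node/1 in the next hunk has the same first-occurrence behaviour: the old `[_, Host]` pattern over the removed helper matched only names with exactly one `@`, so names with several now return a host instead of `false`. Splitting with `string:split(atom_to_list(Node), "@", all)` and matching `[Name, Host] when Name =/= [], Host =/= [] ->` in both functions would restore the stricter check. The atom `illegal_node_n@me` is legal Erlang but reads like a typo beside `illegal_node_name`; a short comment would help. check_node runs past the end of the hunk.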
@@ -472,35 +478,28 @@ check_node(Driver, Name, Node, Host, LongOrShortNames) ->
 "fully qualified hostnames **~n"
 "** Hostname ~s is illegal **~n",
 [Host]),
- ?shutdown(Node)
+ ?shutdown2(Node, trace({not_longnames, Host}))
 end;
- [_, _ | _] when LongOrShortNames == shortnames ->
+ [_, _] when LongOrShortNames == shortnames ->
 error_logger:error_msg(
 "** System NOT running to use "
 "fully qualified hostnames **~n"
 "** Hostname ~s is illegal **~n",
 [Host]),
- ?shutdown(Node);
+ ?shutdown2(Node, trace({not_shortnames, Host}));
 _ ->
 [Name, Host]
 end.
 split_node(Node) when is_atom(Node) ->
- case split_node(atom_to_list(Node), $@, []) of
- [_, Host] ->
+ case string:split(atom_to_list(Node), "@") of
+ [Name, Host] when Name =/= [], Host =/= [] ->
 Host;
 _ ->
 false
 end;
 split_node(_) ->
 false.
-%%
-split_node([Chr|T], Chr, Ack) ->
- [lists:reverse(Ack)|split_node(T, Chr, [])];
-split_node([H|T], Chr, Ack) ->
- split_node(T, Chr, [H|Ack]);
-split_node([], _, Ack) ->
- [lists:reverse(Ack)].
 %% -------------------------------------------------------------------------
-- cgit v1.2.3