3 nodes - 1 server node s, 2 client nodes c1 and c2. all 3 configured for tls communication each with its own crt and key using long names.
    %% node s
    [
      {server, [
        {certfile, "/home/xxx/tls-conf/s.pem"},
        {cacertfile, "/home/xxx/tls-conf/ca.crt"},
        {verify, verify_peer},
        {fail_if_no_peer_cert, true},
        {versions, ['tlsv1.3', 'tlsv1.2']},
        % {log_level, debug},
        {log_alert, true},
        {sni_hosts, [{"s.xxx.de", []}]},
        {secure_renegotiate, true}
      ]}
    ].

    %% node c1
    [
      {client, [
        {cacertfile, "/home/xxx/tls-conf/ca.crt"},
        {certfile, "/home/xxx/tls-conf/c1.pem"},
        {versions, ['tlsv1.3', 'tlsv1.2']},
        {secure_renegotiate, true}
      ]}
    ].

    %% node c2
    [
      {client, [
        {cacertfile, "/home/xxx/tls-conf/ca.crt"},
        {certfile, "/home/xxx/tls-conf/c2.pem"},
        {versions, ['tlsv1.3', 'tlsv1.2']},
        {secure_renegotiate, true}
      ]}
    ].

all 3 are starting without any issue.
started s followed by c1 and c2.
- the nodes-list (nodes().) on c1 and c2 is empty and gen_server:multi_call(nodes(), …) both do not reach the server s.
- on c1 executed net_adm:ping(s@fqdn) and the multicall works as expected from c1.
- on c2 executed net_adm:ping(s@fqdn) and the multicall works as expected from c2.
  but then the nodes-list on c1 is empty and the multicall has no effect when executed on c1.
  after several net_adm:ping(s@fqdn) on c1 the nodelist contains s again on c1 but is empty on c2.
when i reconfigure the 3 nodes to use unencrypted communication everything works as expected.
questions:
- did i miss anything?
- what can i do to get this surprising behaviour fixed?
thanks for any hints.
addendum: forgot to mention - otp_27.2.3 on all nodes.