Skip to content

Bump Erlang/OTP to 27.3.4.12#173

Merged
ericmj merged 1 commit into
mainfrom
bump-erlang-27.3.4.12
May 31, 2026
Merged

Bump Erlang/OTP to 27.3.4.12#173
ericmj merged 1 commit into
mainfrom
bump-erlang-27.3.4.12

Conversation

@ericmj
Copy link
Copy Markdown
Member

@ericmj ericmj commented May 31, 2026

OTP 27.2 rejects the new Let's Encrypt "Gen Y" certificate chain served by hex.pm with a TLS key_usage_mismatch error, caused by an over-strict extended-key-usage check on intermediate CA certificates. The fix shipped in OTP 27.2.2 (public_key OTP-19240, GH-9208); 27.3.4.12 is the latest 27.x patch.

Verified empirically: a verify_peer TLS handshake to hex.pm:443 from the exact hexpm/elixir:1.18.1-erlang-27.2-... image fails with unsupported_certificate / key_usage_mismatch, while 27.3.4.12 succeeds.

The Debian base date is bumped to bookworm-20260518 to match an available image tag for the new OTP patch.

@ericmj
Bump Erlang/OTP to 27.3
2e4c31d 
OTP 27.2 rejects the new Let's Encrypt "Gen Y" certificate chain served
by hex.pm with a TLS key_usage_mismatch error, due to an over-strict
extended key usage check on intermediate CA certs. The fix shipped in
OTP 27.2.2 (public_key OTP-19240, GH-9208); 27.3 is the latest
multi-arch base image tag carrying it. Bump the Debian base date to match.
@ericmj ericmj force-pushed the bump-erlang-27.3.4.12 branch from 9bcf86f to 2e4c31d Compare May 31, 2026 19:24
@ericmj ericmj merged commit f68eb1f into main May 31, 2026
12 checks passed
@ericmj ericmj deleted the bump-erlang-27.3.4.12 branch May 31, 2026 20:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ericmj