[erlang-bugs] missing function clause in ssl_connection:handle_alert

Matthias Radestock <>
Thu Aug 2 00:35:32 CEST 2012


We got the following process crash report from a user running R15B01 
(trimmed somewhat to hide private key material):

=CRASH REPORT==== 31-Jul-2012::11:49:27 ===
   crasher:
     initial call: ssl_connection:init/1
     pid: <0.2005.0>
     registered_name: []
     exception exit: {function_clause,
                      [{ssl_connection,handle_alert,
                        [{alert,1,41,{"ssl_connection.erl",1678}},
                         certify,
                         {state,server,
                          {#Ref<0.0.0.3519>,<0.2004.0>},
                          gen_tcp,tcp,tcp_closed,tcp_error,"localhost",5673,
                          #Port<0.6927>,
                          {ssl_options,[],verify_peer,
                           {#Fun<ssl.3.54384637>,
                            #Fun<rabbit_networking.0.89858908>},
                           false,false,undefined,1,
                           "C:/certstore/server/cert.pem",undefined,
 
"C:/certstore/server/key.pem",undefined,undefined,
                           undefined,"C:/certstore/testca/cacert.pem",
                           undefined,undefined,
                           [<<0,57>>,
                            <<0,56>>,
                            <<0,53>>,
                            <<0,22>>,
                            <<0,19>>,
                            <<0,10>>,
                            <<0,51>>,
                            <<0,50>>,
                            <<0,47>>,
                            <<0,5>>,
                            <<0,4>>,
                            <<0,21>>,
                            <<0,9>>],
                           #Fun<ssl.0.54384637>,true,268435456,false,[],
                           undefined,false},
                          {socket_options,binary,0,0,0,false},
                          {connection_states, ...},
                          [],<<>>,<<>>,
                          {...},
                          [...],
                          262221,
                          {session, ...},
                          274512,ssl_session_cache,
                          {3,0},
                          undefined,true,rsa,undefined,
                          {'RSAPrivateKey','two-prime', ...},
                          {'DHParameter', ...},
                          undefined,undefined,#Ref<0.0.0.3523>,
                          {<0.2004.0>,#Ref<0.0.0.3539>},
                          0,<<>>,true,
                          {false,first},
                          undefined,
                          {[],[]},
                          false,true}],
                        [{file,"ssl_connection.erl"},{line,2179}]},
                       {ssl_connection,handle_alerts,2,
                        [{file,"ssl_connection.erl"},{line,2177}]},
 
{gen_fsm,handle_msg,7,[{file,"gen_fsm.erl"},{line,494}]},
                       {proc_lib,init_p_do_apply,3,
                        [{file,"proc_lib.erl"},{line,227}]}]}
       in function  gen_fsm:terminate/7 (gen_fsm.erl, line 611)
     ancestors: [ssl_connection_sup,ssl_sup,<0.225.0>]
     messages: []
     links: [<0.228.0>]
     dictionary: [{ssl_manager,ssl_manager}]
     trap_exit: false
     status: running
     heap_size: 2584
     stack_size: 24
     reductions: 2959
   neighbours:


Sure enough there's no handle_alert function clause that matches on an 
#alert.description=41. Indeed that alert code isn't even mentioned at 
ssl_alert.hrl or the rfc 2246 on which that list is supposedly based. It 
is however shown in rfc 5246 as 'no_certificate_RESERVED', and, as 
evidenced above, clearly can pop out of the ssl libraries under some 
circumstances.


Regards,

Matthias.


More information about the erlang-bugs mailing list