[erlang-bugs] Crash in SSL

Thu Aug 9 00:43:45 CEST 2012

We are experiencing a crash in ssl when trying to establish
connections to websites with seemingly valid ssl certificates.  Going
to the following domains in a normal web browser will give a green
light.  Trying to connect to them using ssl:connect gives a crash.
This crash occurs even with verify_none turned on.

Some example domains are www.farmbureaubank.com and login.secureserver.net

ssl:connect is working in general which is shown by the google.com example.

Cheers,

Daniel

1> ssl:connect("google.com", 443,  [], infinity).
{ok,{sslsocket,new_ssl,<0.8447.0>}}
2> ssl:connect("login.secureserver.net", 443,  [{verify,
verify_none}], infinity).
** exception exit: {{{badmatch,
                         {error,
                             {asn1,
                                 {{case_clause,19},
                                  [{'OTP-PUB-KEY',
                                       check_and_convert_restricted_string,5,
                                       [{file,"OTP-PUB-KEY.erl"},
                                        {line,14122}]},
                                   {'OTP-PUB-KEY',decode,2,
                                       [{file,"OTP-PUB-KEY.erl"},{line,493}]},
                                   {pubkey_cert_records,transform,2,
                                       [{file,"pubkey_cert_records.erl"},
                                        {line,60}]},
                                   {lists,map,2,
                                       [{file,"lists.erl"},{line,1173}]},
                                   {pubkey_cert_records,transform,2,
                                       [{file,"pubkey_cert_records.erl"},
                                        {line,72}]},
                                   {pubkey_cert_records,decode_tbs,1,
                                       [{file,"pubkey_cert_records.erl"},
                                        {line,190}]},
                                   {pubkey_cert_records,decode_cert,1,
                                       [{file,"pubkey_cert_records.erl"},
                                        {line,40}]},
                                   {public_key,pkix_decode_cert,2,
                                       [{file,"public_key.erl"},
                                        {line,211}]}]}}}},
                     [{public_key,pkix_decode_cert,2,
                          [{file,"public_key.erl"},{line,215}]},
                      {public_key,path_validation,2,
                          [{file,"public_key.erl"},{line,605}]},
                      {ssl_handshake,certify,7,
                          [{file,"ssl_handshake.erl"},{line,218}]},
                      {ssl_connection,certify,2,
                          [{file,"ssl_connection.erl"},{line,514}]},
                      {ssl_connection,next_state,4,
                          [{file,"ssl_connection.erl"},{line,1929}]},
                      {gen_fsm,handle_msg,7,[{file,"gen_fsm.erl"},{line,494}]},
                      {proc_lib,init_p_do_apply,3,
                          [{file,"proc_lib.erl"},{line,227}]}]},
                    {gen_fsm,sync_send_all_state_event,
                        [<0.8453.0>,start,infinity]}}
     in function  gen_fsm:sync_send_all_state_event/3 (gen_fsm.erl, line 240)
     in call from ssl_connection:sync_send_all_state_event/3
(ssl_connection.erl, line 1195)
     in call from ssl_connection:handshake/2 (ssl_connection.erl, line 167)
     in call from ssl_connection:start_fsm/8 (ssl_connection.erl, line 1037)
     in call from ssl_connection:connect/7 (ssl_connection.erl, line 139)
18:40:19.798 [error] gen_fsm <0.8453.0> in state certify terminated
with reason: no match of right hand value
{error,{asn1,{{case_clause,19},[{'OTP-PUB-KEY',check_and_convert_restricted_string,5,[{file,"OTP-PUB-KEY.erl"},{line,14122}]},{'OTP-PUB-KEY',decode,2,[{file,"OTP-PUB-KEY.erl"},{line,493}]},{pubkey_cert_records,transform,2,[{file,"pubkey_cert_records.erl"},{line,60}]},{lists,map,2,[{file,"lists.erl"},{line,1173}]},{pubkey_cert_records,transform,2,[{file,"pubkey_cert_records.erl"},{line,72}]},{pubkey_cert_records,decode_tbs,1,[{file,"pubkey_cert_records.erl"},{line,190}]},{pubkey_cert_records,...},...]}}}
in public_key:pkix_decode_cert/2 line 215
18:40:19.931 [error] CRASH REPORT Process <0.8453.0> with 0 neighbours
exited with reason: no match of right hand value
{error,{asn1,{{case_clause,19},[{'OTP-PUB-KEY',check_and_convert_restricted_string,5,[{file,"OTP-PUB-KEY.erl"},{line,14122}]},{'OTP-PUB-KEY',decode,2,[{file,"OTP-PUB-KEY.erl"},{line,493}]},{pubkey_cert_records,transform,2,[{file,"pubkey_cert_records.erl"},{line,60}]},{lists,map,2,[{file,"lists.erl"},{line,1173}]},{pubkey_cert_records,transform,2,[{file,"pubkey_cert_records.erl"},{line,72}]},{pubkey_cert_records,decode_tbs,1,[{file,"pubkey_cert_records.erl"},{line,190}]},{pubkey_cert_records,...},...]}}}
in public_key:pkix_decode_cert/2 line 215 in gen_fsm:terminate/7 line
611
18:40:19.970 [error] Supervisor ssl_connection_sup had child undefined
started with {ssl_connection,start_link,undefined} at <0.8453.0> exit
with reason no match of right hand value
{error,{asn1,{{case_clause,19},[{'OTP-PUB-KEY',check_and_convert_restricted_string,5,[{file,"OTP-PUB-KEY.erl"},{line,14122}]},{'OTP-PUB-KEY',decode,2,[{file,"OTP-PUB-KEY.erl"},{line,493}]},{pubkey_cert_records,transform,2,[{file,"pubkey_cert_records.erl"},{line,60}]},{lists,map,2,[{file,"lists.erl"},{line,1173}]},{pubkey_cert_records,transform,2,[{file,"pubkey_cert_records.erl"},{line,72}]},{pubkey_cert_records,decode_tbs,1,[{file,"pubkey_cert_records.erl"},{line,190}]},{pubkey_cert_records,...},...]}}}
in public_key:pkix_decode_cert/2 line 215 in context child_terminated