[erlang-bugs] Crash in SSL

Daniel Luna daniel@REDACTED
Tue Aug 21 23:07:15 CEST 2012


Running a recent version of Ubuntu.

> uname -a
Linux spawn 3.2.0-29-generic #46-Ubuntu SMP Fri Jul 27 17:03:23 UTC
2012 x86_64 x86_64 x86_64 GNU/Linux

I retested from a fresh clone of maint and the bug is still present.

Cheers,

Daniel

ps. Ingela, you don't seem to be on the whitelist for being allowed to
post to the list.  Your reply is not in the list archives.


On 21 August 2012 15:32, Daniel Luna <daniel@REDACTED> wrote:
> I'm using Erlang R15B01.  This bug was also present in R14.
>
> This problem is also present in a recent version of maint.
>
> Erlang R15B01 (erts-5.9.1) [source] [64-bit] [smp:6:6]
> [async-threads:0] [kernel-poll:false]
>
> Eshell V5.9.1  (abort with ^G)
> 1> application:start(crypto).
> ok
> 2> application:start(public_key).
> ok
> 3> application:start(ssl).
> ok
> 4> ssl:connect("login.secureserver.net", 443, [], infinity).
> ** exception exit: {{{badmatch,
>                          {error,
>                              {asn1,
>                                  {{case_clause,19},
>                                   [{'OTP-PUB-KEY',
>                                        check_and_convert_restricted_string,5,
>                                        [{file,"OTP-PUB-KEY.erl"},
>                                         {line,14122}]},
>
> Cheers,
>
> Daniel
>
>
> On 14 August 2012 11:02, Ingela Anderton Andin
> <ingela.anderton.andin@REDACTED> wrote:
>> Hi!
>>
>> Which versions of the ssl application and Erlang/OTP  are you running?
>>
>> Regards Ingela Erlang/OTP team - Ericsson AB
>>
>> Daniel Luna wrote:
>>>
>>> We are experiencing a crash in ssl when trying to establish
>>> connections to websites with seemingly valid ssl certificates.  Going
>>> to the following domains in a normal web browser will give a green
>>> light.  Trying to connect to them using ssl:connect gives a crash.
>>> This crash occurs even with verify_none turned on.
>>>
>>> Some example domains are www.farmbureaubank.com and login.secureserver.net
>>>
>>> ssl:connect is working in general which is shown by the google.com
>>> example.
>>>
>>> Cheers,
>>>
>>> Daniel
>>>
>>> 1> ssl:connect("google.com", 443,  [], infinity).
>>> {ok,{sslsocket,new_ssl,<0.8447.0>}}
>>> 2> ssl:connect("login.secureserver.net", 443,  [{verify,
>>> verify_none}], infinity).
>>> ** exception exit: {{{badmatch,
>>>                          {error,
>>>                              {asn1,
>>>                                  {{case_clause,19},
>>>                                   [{'OTP-PUB-KEY',
>>>
>>> check_and_convert_restricted_string,5,
>>>                                        [{file,"OTP-PUB-KEY.erl"},
>>>                                         {line,14122}]},
>>>                                    {'OTP-PUB-KEY',decode,2,
>>>
>>> [{file,"OTP-PUB-KEY.erl"},{line,493}]},
>>>                                    {pubkey_cert_records,transform,2,
>>>                                        [{file,"pubkey_cert_records.erl"},
>>>                                         {line,60}]},
>>>                                    {lists,map,2,
>>>                                        [{file,"lists.erl"},{line,1173}]},
>>>                                    {pubkey_cert_records,transform,2,
>>>                                        [{file,"pubkey_cert_records.erl"},
>>>                                         {line,72}]},
>>>                                    {pubkey_cert_records,decode_tbs,1,
>>>                                        [{file,"pubkey_cert_records.erl"},
>>>                                         {line,190}]},
>>>                                    {pubkey_cert_records,decode_cert,1,
>>>                                        [{file,"pubkey_cert_records.erl"},
>>>                                         {line,40}]},
>>>                                    {public_key,pkix_decode_cert,2,
>>>                                        [{file,"public_key.erl"},
>>>                                         {line,211}]}]}}}},
>>>                      [{public_key,pkix_decode_cert,2,
>>>                           [{file,"public_key.erl"},{line,215}]},
>>>                       {public_key,path_validation,2,
>>>                           [{file,"public_key.erl"},{line,605}]},
>>>                       {ssl_handshake,certify,7,
>>>                           [{file,"ssl_handshake.erl"},{line,218}]},
>>>                       {ssl_connection,certify,2,
>>>                           [{file,"ssl_connection.erl"},{line,514}]},
>>>                       {ssl_connection,next_state,4,
>>>                           [{file,"ssl_connection.erl"},{line,1929}]},
>>>
>>> {gen_fsm,handle_msg,7,[{file,"gen_fsm.erl"},{line,494}]},
>>>                       {proc_lib,init_p_do_apply,3,
>>>                           [{file,"proc_lib.erl"},{line,227}]}]},
>>>                     {gen_fsm,sync_send_all_state_event,
>>>                         [<0.8453.0>,start,infinity]}}
>>>      in function  gen_fsm:sync_send_all_state_event/3 (gen_fsm.erl, line
>>> 240)
>>>      in call from ssl_connection:sync_send_all_state_event/3
>>> (ssl_connection.erl, line 1195)
>>>      in call from ssl_connection:handshake/2 (ssl_connection.erl, line
>>> 167)
>>>      in call from ssl_connection:start_fsm/8 (ssl_connection.erl, line
>>> 1037)
>>>      in call from ssl_connection:connect/7 (ssl_connection.erl, line 139)
>>> 18:40:19.798 [error] gen_fsm <0.8453.0> in state certify terminated
>>> with reason: no match of right hand value
>>>
>>> {error,{asn1,{{case_clause,19},[{'OTP-PUB-KEY',check_and_convert_restricted_string,5,[{file,"OTP-PUB-KEY.erl"},{line,14122}]},{'OTP-PUB-KEY',decode,2,[{file,"OTP-PUB-KEY.erl"},{line,493}]},{pubkey_cert_records,transform,2,[{file,"pubkey_cert_records.erl"},{line,60}]},{lists,map,2,[{file,"lists.erl"},{line,1173}]},{pubkey_cert_records,transform,2,[{file,"pubkey_cert_records.erl"},{line,72}]},{pubkey_cert_records,decode_tbs,1,[{file,"pubkey_cert_records.erl"},{line,190}]},{pubkey_cert_records,...},...]}}}
>>> in public_key:pkix_decode_cert/2 line 215
>>> 18:40:19.931 [error] CRASH REPORT Process <0.8453.0> with 0 neighbours
>>> exited with reason: no match of right hand value
>>>
>>> {error,{asn1,{{case_clause,19},[{'OTP-PUB-KEY',check_and_convert_restricted_string,5,[{file,"OTP-PUB-KEY.erl"},{line,14122}]},{'OTP-PUB-KEY',decode,2,[{file,"OTP-PUB-KEY.erl"},{line,493}]},{pubkey_cert_records,transform,2,[{file,"pubkey_cert_records.erl"},{line,60}]},{lists,map,2,[{file,"lists.erl"},{line,1173}]},{pubkey_cert_records,transform,2,[{file,"pubkey_cert_records.erl"},{line,72}]},{pubkey_cert_records,decode_tbs,1,[{file,"pubkey_cert_records.erl"},{line,190}]},{pubkey_cert_records,...},...]}}}
>>> in public_key:pkix_decode_cert/2 line 215 in gen_fsm:terminate/7 line
>>> 611
>>> 18:40:19.970 [error] Supervisor ssl_connection_sup had child undefined
>>> started with {ssl_connection,start_link,undefined} at <0.8453.0> exit
>>> with reason no match of right hand value
>>>
>>> {error,{asn1,{{case_clause,19},[{'OTP-PUB-KEY',check_and_convert_restricted_string,5,[{file,"OTP-PUB-KEY.erl"},{line,14122}]},{'OTP-PUB-KEY',decode,2,[{file,"OTP-PUB-KEY.erl"},{line,493}]},{pubkey_cert_records,transform,2,[{file,"pubkey_cert_records.erl"},{line,60}]},{lists,map,2,[{file,"lists.erl"},{line,1173}]},{pubkey_cert_records,transform,2,[{file,"pubkey_cert_records.erl"},{line,72}]},{pubkey_cert_records,decode_tbs,1,[{file,"pubkey_cert_records.erl"},{line,190}]},{pubkey_cert_records,...},...]}}}
>>> in public_key:pkix_decode_cert/2 line 215 in context child_terminated
>>> _______________________________________________
>>> erlang-bugs mailing list
>>> erlang-bugs@REDACTED
>>> http://erlang.org/mailman/listinfo/erlang-bugs
>>>
>>>
>>
>>



More information about the erlang-bugs mailing list