[erlang-bugs] ssl socket session upgrade fails
Ingela Anderton Andin
Ingela.Anderton.Andin@REDACTED
Wed Nov 21 14:42:24 CET 2012
Hi!
Delorum wrote:
> So I think that reusing sessions might be broken if the client and the server do not have the same version of openssl installed on their machine.
>
> here is a bit of code that can trigger the error:
>
> ssl:start(),
> {ok,Listen} = ssl:listen(443,[{reuseaddr,true},{certfile,"/mnt/ssl/mysite.com.crt"},{keyfile,"mysite.com.key"}]),
> {ok,NewSocket} = ssl:transport_accept(Listen),
> ssl:ssl_accept(NewSocket),
> {ok,NewSock2} = ssl:transport_accept(Listen),
> ssl:ssl_accept(NewSock2).
>
> and here is what can be run in another shell to cause the error:
>
> openssl s_client -ssl3 -connect 192.168.0.10:443 -reconnect
>
> the interesting thing that I have noticed is that when running the openssl s_client command from the same machine that the erlang server is running DOES NOT cause the issue. But when running the same command from any other machine, and I tested it with 12 machines here in the office, it fails.
>
> to be more specific, if the version of openssl on the CLIENT machine is 0.9.8r, and the server version is in the 1.0.1 series.
I do not think that the openssl version on the server host is relevant.
The Erlang SSL application uses openssl for crypto operations only. Can you
connect with the s_client to s_servers that you start on the server host?
[...]
> clients should not have to upgrade their version of openssl in order to visit websites hosted by an erlang application.
Agreed!
> and here is the crash, I removed all the binary data and the private key data because this is not a test cert:
>
> =ERROR REPORT==== 16-Nov-2012::16:54:57 ===
> ** State machine <0.49.0> terminating
> ** Last message in was {tcp,#Port<0.1263>,
> << removed >>}
This looks really strange, << removed >> is not a valid TLS message!
[...]
Regards Ingela Erlang/OTP team - Ericsson AB