[erlang-bugs] ssl

Ingela Anderton Andin <>
Tue Apr 15 14:29:07 CEST 2014


On 04/14/2014 10:05 PM, Samir Sow wrote:
> Hi,
> I’m using ssl-5.3.4
> I’ve executed the step presented in the «upgrade example» of the document :
> http://www.erlang.org/doc/apps/ssl/using_ssl.html
> except that i used openssl s_client to perform the client connect operation

Well that explains it, as the s_client is not performing an upgrade of 
the connection it is connecting with ssl from the start, and when the 
client start to send its handshake the server must be ready to receive 
it. You can still make your example work by setting {active, false} 
already on the listen socket so that the data will be left on the socket 
until the server process is is ready to receive it. (Accept socket 
inherits listen options and default is among others {active, true} and 
{mode, list}. In the upgrade scenario the server would do 
inet:setopts(Socket, [{active, false}]) before signaling to the client 
that it can now start the ssl handshake and then call ssl:ssl_accept.
The ssl server process will emulate some inet options and internally set
its own values, example socket mode will be set to binary.

Regards Ingela Erlang/OTP Team - Ericsson AB

> Thank you.
> Samir
> On 14 avr. 2014, at 09:53, Ingela Anderton Andin <> wrote:
>> Hi!
>> Which version of the ssl application are you using? Can you make a more complete example that fails so that I can run it too? We use openssl s_client in our test cases so it seems there is some special circumstances that makes this happen. The problem seems to be that
>> the data from the peer is on list format  instead of binary format.
>> The packet option on the socket shall be emulated by ssl so the socket
>> should always be in binary mode, but it seems it is not.
>> Regards Ingela Erlang/OTP team - Ericssson AB
>> On 04/12/2014 09:37 AM, Samir Sow wrote:
>>> Hi,
>>> Still struggling with ssl.
>>> I decided to check what’s going on at the ssl module level. Did a step by step ssl connection using the erlang ssl doc.
>>> Found an error erlang:size badarg, but could not understand if it’s a problem with the key/cert files or with the data sent by the client.
>>> The client was openssl s_client.
>>> Any help welcomed. Thx
>>> Samir
>>> {ok, SSLSocket} = ssl:ssl_accept(Socket, [{cacertfile, "priv/cert/cacert.crt"}, {certfile, "priv/cert/server.crt"}, {keyfile, "priv/cert/server.key"}]).
>>> ** exception exit: {{badarg,
>>>                         [{erlang,size,
>>>                              [[22,3,1,0,176,1,0,0,172,3,3,83,72,89,48,183,175,
>>>                                58,145,197,219|...]],
>>>                              []},
>>>                          {tls_record,get_tls_records_aux,2,
>>>                              [{file,"tls_record.erl"},{line,122}]},
>>>                          {tls_connection,next_tls_record,2,
>>>                              [{file,"tls_connection.erl"},{line,484}]},
>>>                          {tls_connection,handle_info,3,
>>>                              [{file,"tls_connection.erl"},{line,307}]},
>>>                          {gen_fsm,handle_msg,7,
>>>                              [{file,"gen_fsm.erl"},{line,503}]},
>>>                          {proc_lib,init_p_do_apply,3,
>>>                              [{file,"proc_lib.erl"},{line,239}]}]},
>>>                     {gen_fsm,sync_send_all_state_event,
>>>                         [<0.105.0>,{start,infinity},infinity]}}
>>>      in function  gen_fsm:sync_send_all_state_event/3 (gen_fsm.erl, line 242)
>>>      in call from ssl_connection:sync_send_all_state_event/2 (ssl_connection.erl, line 1649)
>>>      in call from ssl_connection:handshake/2 (ssl_connection.erl, line 97)
>>>      in call from tls_connection:start_fsm/8 (tls_connection.erl, line 81)
>>>      in call from ssl_connection:ssl_accept/7 (ssl_connection.erl, line 84)
>>> _______________________________________________
>>> erlang-bugs mailing list
>>> http://erlang.org/mailman/listinfo/erlang-bugs
>> _______________________________________________
>> erlang-bugs mailing list
>> http://erlang.org/mailman/listinfo/erlang-bugs

More information about the erlang-bugs mailing list