[erlang-bugs] ssl

Ingela Anderton Andin Ingela.Anderton.Andin@REDACTED
Wed Apr 16 10:22:29 CEST 2014

-------- Original Message --------
Subject: Re: [erlang-bugs] ssl
Date: Wed, 16 Apr 2014 09:46:44 +0200
From: Ingela Anderton Andin <Ingela.Anderton.Andin@REDACTED>
To: Samir Sow <samset@REDACTED>

Hi!

This works, and is equivalent to what you did in the first place!

Erlang/OTP 17 [RELEASE CANDIDATE 2] [erts-6.0] [source-fa45816] [64-bit]
[smp:8:8] [async-threads:10] [hipe] [kernel-poll:false]

Eshell V6.0  (abort with ^G)
1>  ssl:start().
ok
2> {ok, ListenSocket} = gen_tcp:listen(9999, [{reuseaddr, true},
{active, false}]).
{ok,#Port<0.776>}
3>  {ok, Socket} = gen_tcp:accept(ListenSocket).
{ok,#Port<0.777>}  %%% Will return once you have started the openssl client

%% Do the upgrade
4>  ssl:ssl_accept(Socket, [{cacertfile, "cacerts.pem"}, {certfile,
"cert.pem"}, {keyfile, "key.pem"}]).
{ok,{sslsocket,{gen_tcp,#Port<0.777>,tls_connection},
                <0.48.0>}}


In another shell:

bash> openssl s_client -host localhost -port 9999


Regards Ingela Erlang/OTP team - Ericsson AB


On 04/15/2014 10:06 PM, Samir Sow wrote:
> Hi,
>
> I’ve tried {ok, ListenSocket} = gen_tcp:listen(9999, [{reuseaddr, true}, {active, false}]).
>
> But in this case,
> {ok, SSLSocket} = ssl:ssl_accept(ListenSocket, [{cacertfile, "priv/cert/cacert.crt"}, {certfile, "priv/cert/server.crt"}, {keyfile, "priv/cert/server.key"}]).
> does not return.
>
> Could you please, send me a working scenario ?
>
> Thank you.
>
> Sincerely
>
> On 15 avr. 2014, at 14:29, Ingela Anderton Andin <Ingela.Anderton.Andin@REDACTED> wrote:
>
>> Hi!
>>
>> On 04/14/2014 10:05 PM, Samir Sow wrote:
>>> Hi,
>>>
>>> I’m using ssl-5.3.4
>>>
>>> I’ve executed the step presented in the «upgrade example» of the document:
>>> http://www.erlang.org/doc/apps/ssl/using_ssl.html
>>>
>>> except that I used openssl s_client to perform the client connect operation
>>
>> Well that explains it, as the s_client is not performing an upgrade of the connection; it is connecting with ssl from the start, and when the client starts to send its handshake the server must be ready to receive it. You can still make your example work by setting {active, false} already on the listen socket so that the data will be left on the socket until the server process is ready to receive it. (The accept socket inherits the listen options, and the defaults are, among others, {active, true} and {mode, list}.) In the upgrade scenario the server would do inet:setopts(Socket, [{active, false}]) before signaling to the client that it can now start the ssl handshake, and then call ssl:ssl_accept.
>> The ssl server process will emulate some inet options and internally set
>> its own values; for example, the socket mode will be set to binary.
>>
>> Regards Ingela Erlang/OTP Team - Ericsson AB
>>
>>
>>> Thank you.
>>>
>>> Samir
>>>
>>> On 14 avr. 2014, at 09:53, Ingela Anderton Andin <Ingela.Anderton.Andin@REDACTED> wrote:
>>>
>>>> Hi!
>>>>
>>>> Which version of the ssl application are you using? Can you make a more complete example that fails so that I can run it too? We use openssl s_client in our test cases, so it seems there are some special circumstances that make this happen. The problem seems to be that
>>>> the data from the peer is in list format instead of binary format.
>>>> The packet option on the socket shall be emulated by ssl, so the socket
>>>> should always be in binary mode, but it seems it is not.
>>>>
>>>> Regards Ingela Erlang/OTP team - Ericsson AB
>>>>
>>>> On 04/12/2014 09:37 AM, Samir Sow wrote:
>>>>> Hi,
>>>>>
>>>>> Still struggling with ssl.
>>>>> I decided to check what’s going on at the ssl module level. Did a step-by-step ssl connection using the erlang ssl doc.
>>>>> Found an error erlang:size badarg, but could not understand if it’s a problem with the key/cert files or with the data sent by the client.
>>>>>
>>>>> The client was openssl s_client.
>>>>>
>>>>> Any help welcomed. Thx
>>>>>
>>>>> Samir
>>>>>
>>>>> {ok, SSLSocket} = ssl:ssl_accept(Socket, [{cacertfile, "priv/cert/cacert.crt"}, {certfile, "priv/cert/server.crt"}, {keyfile, "priv/cert/server.key"}]).
>>>>> ** exception exit: {{badarg,
>>>>>                         [{erlang,size,
>>>>>                              [[22,3,1,0,176,1,0,0,172,3,3,83,72,89,48,183,175,
>>>>>                                58,145,197,219|...]],
>>>>>                              []},
>>>>>                          {tls_record,get_tls_records_aux,2,
>>>>>                              [{file,"tls_record.erl"},{line,122}]},
>>>>>                          {tls_connection,next_tls_record,2,
>>>>>                              [{file,"tls_connection.erl"},{line,484}]},
>>>>>                          {tls_connection,handle_info,3,
>>>>>                              [{file,"tls_connection.erl"},{line,307}]},
>>>>>                          {gen_fsm,handle_msg,7,
>>>>>                              [{file,"gen_fsm.erl"},{line,503}]},
>>>>>                          {proc_lib,init_p_do_apply,3,
>>>>>                              [{file,"proc_lib.erl"},{line,239}]}]},
>>>>>                     {gen_fsm,sync_send_all_state_event,
>>>>>                         [<0.105.0>,{start,infinity},infinity]}}
>>>>>      in function  gen_fsm:sync_send_all_state_event/3 (gen_fsm.erl, line 242)
>>>>>      in call from ssl_connection:sync_send_all_state_event/2 (ssl_connection.erl, line 1649)
>>>>>      in call from ssl_connection:handshake/2 (ssl_connection.erl, line 97)
>>>>>      in call from tls_connection:start_fsm/8 (tls_connection.erl, line 81)
>>>>>      in call from ssl_connection:ssl_accept/7 (ssl_connection.erl, line 84)
>>>>> _______________________________________________
>>>>> erlang-bugs mailing list
>>>>> erlang-bugs@REDACTED
>>>>> http://erlang.org/mailman/listinfo/erlang-bugs
>>>>>
>>>>
>>>
>>
>
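
A complete acceptor module that applies the advice in this thread, added here as an example and not code from the thread or from OTP: the listen socket is opened with {active, false}, the acceptor re-asserts passive mode right before the upgrade, and a failed handshake is logged and the TCP socket closed instead of crashing the acceptor. The module name, the cert file names (cacerts.pem, cert.pem, key.pem in the working directory), the timeouts and the echo handler are assumptions.

```erlang
%% tls_upgrade_server.erl: added example, not code from the thread or from
%% OTP. Assumes cacerts.pem, cert.pem and key.pem in the working directory.
-module(tls_upgrade_server).
-export([start/1, acceptor/2]).

-define(CERT_OPTS, [{cacertfile, "cacerts.pem"},
                    {certfile,   "cert.pem"},
                    {keyfile,    "key.pem"}]).

%% Open the listen socket passively. Accepted sockets inherit these options,
%% so the ClientHello of a client that speaks TLS from the first byte
%% (openssl s_client) waits on the socket for ssl:ssl_accept to read it,
%% instead of being delivered as a {tcp, Socket, List} message in the
%% default {active, true}/{mode, list} configuration (the list-format data
%% behind the badarg in the thread).
start(Port) ->
    ok = ssl:start(),
    {ok, Listen} = gen_tcp:listen(Port, [{reuseaddr, true}, {active, false}]),
    spawn(?MODULE, acceptor, [Listen, ?CERT_OPTS]),
    {ok, Listen}.

acceptor(Listen, SslOpts) ->
    {ok, Tcp} = gen_tcp:accept(Listen),
    %% Re-assert passive mode right before the upgrade: the step the upgrade
    %% scenario performs before telling the peer to start TLS.
    ok = inet:setopts(Tcp, [{active, false}]),
    case ssl:ssl_accept(Tcp, SslOpts, 5000) of
        {ok, Ssl} ->
            %% Start a fresh acceptor for the next peer and serve this one
            %% here, so the ssl socket stays with its controlling process.
            spawn(?MODULE, acceptor, [Listen, SslOpts]),
            echo(Ssl);
        {error, Reason} ->
            %% Bad certificate, wrong key, timeout or a peer that hung up:
            %% log it and keep accepting. gen_tcp:close/1 always returns ok,
            %% so it is safe even if ssl already closed the socket.
            error_logger:error_msg("TLS handshake failed: ~p~n", [Reason]),
            gen_tcp:close(Tcp),
            acceptor(Listen, SslOpts)
    end.

%% Minimal echo handler (assumed), reading in passive mode with a timeout.
echo(Ssl) ->
    case ssl:recv(Ssl, 0, 30000) of
        {ok, Data}      -> ok = ssl:send(Ssl, Data), echo(Ssl);
        {error, closed} -> ok;
        {error, Reason} -> error_logger:error_msg("recv: ~p~n", [Reason]),
                           ssl:close(Ssl)
    end.
```

Run tls_upgrade_server:start(9999). in one shell and openssl s_client -connect localhost:9999 in another; typed lines are echoed back over TLS.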