<div dir="ltr">To clarify, as far as I can tell, the code in question does set 'active' to false.<div><br></div><div>BR,</div><div>Ulf W</div></div><div class="gmail_extra"><br><div class="gmail_quote">2015-12-25 21:40 GMT+01:00 Ulf Wiger <span dir="ltr"><<a href="mailto:ulf@wiger.net" target="_blank">ulf@wiger.net</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hi Ingela,<div><br></div><div>'active' should be set to false:</div><div><br></div><div><a href="https://github.com/PDXostc/rvi_core/blob/develop/components/dlink_tls/src/dlink_tls_conn.erl#L346" target="_blank">https://github.com/PDXostc/rvi_core/blob/develop/components/dlink_tls/src/dlink_tls_conn.erl#L346</a><br></div><div><br></div><div>BR,</div><div>Ulf W</div></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">2015-12-25 12:54 GMT+01:00 Ingela Anderton Andin <span dir="ltr"><<a href="mailto:Ingela.Anderton.Andin@ericsson.com" target="_blank">Ingela.Anderton.Andin@ericsson.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div>
<div style="direction:ltr;font-family:Tahoma;color:#000000;font-size:10pt">
<p>Hi!</p>
<p> </p>
<p>From the ssl User's Guide:</p>
<p> </p>
<p> "Ensure active is set to false before trying to upgrade a connection to an SSL connection, otherwise SSL handshake messages can be delivered to the wrong process."</p>
<p> </p>
<p>Regards Ingela Erlang/OTP team - Ericsson AB</p>
<div style="FONT-SIZE:16px;FONT-FAMILY:Times New Roman;COLOR:#000000">
<hr>
<div style="DIRECTION:ltr"><font color="#000000" size="2" face="Tahoma"><b>From:</b> <a href="mailto:erlang-bugs-bounces@erlang.org" target="_blank">erlang-bugs-bounces@erlang.org</a> [<a href="mailto:erlang-bugs-bounces@erlang.org" target="_blank">erlang-bugs-bounces@erlang.org</a>] on behalf of Danil Zagoskin [<a href="mailto:z@gosk.in" target="_blank">z@gosk.in</a>]<br>
<b>Sent:</b> 24 December 2015 10:22<br>
<b>To:</b> Ulf Wiger<br>
<b>Cc:</b> <a href="mailto:erlang-bugs@erlang.org" target="_blank">erlang-bugs@erlang.org</a><br>
<b>Subject:</b> Re: [erlang-bugs] SSL handshake crash<br>
</font><br>
</div><div><div>
<div></div>
<div>
<div dir="ltr">Hi!
<div><br>
</div>
<div>I have the same issue, but not so often.</div>
<div>It seems to appear only when upgrading a plain socket to TLS (XMPP starttls in my case).</div>
<div><br>
</div>
<div>Possibly it's some kind of race condition when the client sends the TLS hello before the server does ssl_accept(). Maybe some active/passive socket mode issue.</div>
<div><br>
</div>
<div>If you control the client code, could you add some sleep before starttls and check if that fixes the issue?</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Wed, Dec 23, 2015 at 8:38 PM, Ulf Wiger <span dir="ltr">
<<a href="mailto:ulf@wiger.net" target="_blank">ulf@wiger.net</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="PADDING-LEFT:1ex;MARGIN:0px 0px 0px 0.8ex;BORDER-LEFT:#ccc 1px solid">
<div dir="ltr"><span style="FONT-SIZE:12px;FONT-FAMILY:Helvetica;COLOR:rgb(0,0,0)">Hmm… I sent this to erlang-bugs, but it didn’t seem to get through.</span>
<div style="FONT-SIZE:12px;FONT-FAMILY:Helvetica;COLOR:rgb(0,0,0)"><br>
</div>
<div style="FONT-SIZE:12px;FONT-FAMILY:Helvetica;COLOR:rgb(0,0,0)">When connecting some Android software to an Erlang node using TLS, we sometimes (about 1 in 3 or 4 times) get the following errors:<br>
<br>
2015-12-22 15:31:00.772 [error] <0.210.0> gen_fsm <0.210.0> in state hello terminated with reason: no function clause matching ssl_handshake:update_handshake_history(undefined, <<1,0,0,175,3,1,86,121,221,42,209,19,198,53,3,42,92,9,16,158,197,5,169,29,247,96,14,32,123,176,...>>)
line 450<br>
<br>
15:31:00.783<dlink_tls_conn/327>dlink_tls_conn:terminate(): Reason: {{function_clause,[{ssl_handshake,update_handshake_history,[undefined,<<1,0,0,175,3,1,86,121,221,42,209,19,198,53,3,42,92,9,16,158,197,5,169,29,247,96,14,32,123,176,109,210,170,150,204,23,32,228,0,0,70,0,4,0,5,0,47,0,53,192,2,192,4,192,5,192,12,192,14,192,15,192,7,192,9,192,10,192,17,192,19,192,20,0,51,0,57,0,50,0,56,0,10,192,3,192,13,192,8,192,18,0,22,0,19,0,9,0,21,0,18,0,3,0,8,0,20,0,17,0,255,1,0,0,64,0,11,0,4,3,0,1,2,0,10,0,52,0,50,0,14,0,13,0,25,0,11,0,12,0,24,0,9,0,10,0,22,0,23,0,8,0,6,0,7,0,20,0,21,0,4,0,5,0,18,0,19,0,1,0,2,0,3,0,15,0,16,0,17>>],[{file,"ssl_handshake.erl"},{line,450}]},{tls_connection,'-next_state/4-fun-0-',3,[{file,"tls_connection.erl"},{line,458}]},{tls_connection,next_state,4,[{file,"tls_connection.erl"},{line,467}]},{gen_fsm,handle_msg,7,[{file,"gen_fsm.erl"},{line,518}]},{proc_lib,init_p_do_apply,3,[{file,"proc_lib.erl"},{line,240}]}]},{gen_fsm,sync_send_all_state_event,[<0.210.0>,{start,infinity},infinity]}} <br>
<br>
2015-12-22 15:31:00.784 [error] <0.210.0> CRASH REPORT Process <0.210.0> with 0 neighbours exited with reason: no function clause matching ssl_handshake:update_handshake_history(undefined, <<1,0,0,175,3,1,86,121,221,42,209,19,198,53,3,42,92,9,16,158,197,5,169,29,247,96,14,32,123,176,...>>)
line 450 in gen_fsm:terminate/7 line 626<br>
<br>
2015-12-22 15:31:00.785 [error] <0.209.0> gen_server <0.209.0> terminated with reason: {{function_clause,[{ssl_handshake,update_handshake_history,[undefined,<<1,0,0,175,3,1,86,121,221,42,209,19,198,53,3,42,92,9,16,158,197,5,169,29,247,96,14,32,123,176,109,210,170,150,204,23,32,228,0,0,70,0,4,0,5,0,47,0,53,192,2,192,4,192,5,192,12,192,14,192,15,192,7,192,9,192,10,192,17,192,19,192,20,0,51,0,57,0,50,0,56,0,10,192,3,192,13,192,8,192,18,0,22,0,19,0,9,0,21,0,18,0,3,0,8,0,20,0,17,0,255,1,0,0,64,0,11,0,4,3,0,1,2,0,10,0,52,0,50,0,14,0,13,0,25,0,11,0,12,0,24,0,9,0,10,0,22,0,23,0,8,0,...>>],...},...]},...}
in gen_fsm:sync_send_all_state_event/3 line 257<br>
<br>
2015-12-22 15:31:00.786 [error] <0.209.0> CRASH REPORT Process <0.209.0> with 0 neighbours exited with reason: {{function_clause,[{ssl_handshake,update_handshake_history,[undefined,<<1,0,0,175,3,1,86,121,221,42,209,19,198,53,3,42,92,9,16,158,197,5,169,29,247,96,14,32,123,176,109,210,170,150,204,23,32,228,0,0,70,0,4,0,5,0,47,0,53,192,2,192,4,192,5,192,12,192,14,192,15,192,7,192,9,192,10,192,17,192,19,192,20,0,51,0,57,0,50,0,56,0,10,192,3,192,13,192,8,192,18,0,22,0,19,0,9,0,21,0,18,0,3,0,8,0,20,0,17,0,255,1,0,0,64,0,11,0,4,3,0,1,2,0,10,0,52,0,50,0,14,0,13,0,25,0,11,0,12,0,24,0,9,0,10,0,22,0,23,0,8,0,...>>],...},...]},...}
in gen_server:terminate/7 line 826<br>
<br>
2015-12-22 15:31:00.787 [error] <0.109.0> Supervisor tls_connection_sup had child undefined started with {tls_connection,start_link,undefined} at <0.210.0> exit with reason no function clause matching ssl_handshake:update_handshake_history(undefined, <<1,0,0,175,3,1,86,121,221,42,209,19,198,53,3,42,92,9,16,158,197,5,169,29,247,96,14,32,123,176,...>>)
line 450 in context child_terminated<br>
<br>
<br>
We run OTP Erlang/OTP 18 [erts-7.2] with ssl-7.2, and the erlang side has the following options:<br>
<br>
[{verify,verify_peer},<br>
{certfile,"/home/.../device_cert.crt"},<br>
{keyfile,"/home/.../device_key.pem"},<br>
{cacertfile,"/home/.../root_cert.crt"},<br>
{verify_fun,{#Fun<dlink_tls_conn.65.24728257>,{'RSAPublicKey',...}}},<br>
{partial_chain,#Fun<dlink_tls_conn.64.24728257>}]<br>
<br>
Basically, the verify_fun validates a self-signed cert<br>
<a href="https://github.com/PDXostc/rvi_core/blob/develop/components/dlink_tls/src/dlink_tls_conn.erl#L393" target="_blank">https://github.com/PDXostc/rvi_core/blob/develop/components/dlink_tls/src/dlink_tls_conn.erl#L393</a><br>
<br>
and the partial_chain fun most likely does much less than it should<br>
<a href="https://github.com/PDXostc/rvi_core/blob/develop/components/dlink_tls/src/dlink_tls_conn.erl#L421" target="_blank">https://github.com/PDXostc/rvi_core/blob/develop/components/dlink_tls/src/dlink_tls_conn.erl#L421</a><br>
<br>
On the Android side, we’re using Android 4.4.2 (API 19).<br>
<br>
It feels like a timing-related problem on the erlang side.<br>
<br>
Let me know if you need more information.<br>
<br>
BR,<br>
Ulf W</div>
</div>
<br>
_______________________________________________<br>
erlang-bugs mailing list<br>
<a href="mailto:erlang-bugs@erlang.org" target="_blank">erlang-bugs@erlang.org</a><br>
<a href="http://erlang.org/mailman/listinfo/erlang-bugs" rel="noreferrer" target="_blank">http://erlang.org/mailman/listinfo/erlang-bugs</a><br>
<br>
</blockquote>
</div>
<br>
<br clear="all">
<div><br>
</div>
-- <br>
<div>
<div dir="ltr">
<div><font face="'courier new', monospace">Danil Zagoskin | <a href="mailto:z@gosk.in" target="_blank">
z@gosk.in</a></font></div>
</div>
</div>
</div>
</div>
</div></div></div>
</div>
</div>
</blockquote></div><br></div>
</div></div></blockquote></div><br></div>
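The ordering that the quoted ssl User's Guide sentence asks for, applied to a STARTTLS-style upgrade, as an added Erlang example (not code from rvi_core or OTP). The module name, the STARTTLS/OK line protocol, the timeouts and the `data_delivered_to_owner` atom are assumptions made for illustration; `ssl:ssl_accept/3` is the OTP 18 call the thread refers to.

```erlang
-module(starttls_upgrade).
-export([serve/2]).

%% Constructed plaintext protocol (an assumption, not from the thread):
%% the client sends "STARTTLS\r\n", the server answers "OK\r\n", then TLS starts.
%% The ssl application must already be started (ssl:start()).

serve(Port, SslOpts) ->
    %% Passive from the start: no {tcp, Sock, Data} message can reach our mailbox.
    {ok, Listen} = gen_tcp:listen(Port, [binary, {packet, line},
                                         {active, false}, {reuseaddr, true}]),
    {ok, Sock} = gen_tcp:accept(Listen),
    plain_phase(Sock, SslOpts).

plain_phase(Sock, SslOpts) ->
    case gen_tcp:recv(Sock, 0, 30000) of
        {ok, <<"STARTTLS\r\n">>} -> upgrade(Sock, SslOpts);
        {ok, _Other}             -> gen_tcp:send(Sock, <<"ERR\r\n">>),
                                    plain_phase(Sock, SslOpts);
        {error, Reason}          -> gen_tcp:close(Sock), {error, Reason}
    end.

upgrade(Sock, SslOpts) ->
    %% 1. Force passive, raw mode BEFORE telling the client to go ahead.
    ok = inet:setopts(Sock, [{active, false}, {packet, raw}]),
    %% 2. If the socket was ever active, handshake bytes may already sit in
    %%    this process's mailbox where ssl cannot see them: fail closed.
    receive
        {tcp, Sock, _Stray} ->
            gen_tcp:close(Sock),
            {error, data_delivered_to_owner}
    after 0 ->
        %% 3. Only now invite the ClientHello; it waits in the socket buffer
        %%    until the TLS connection process reads it.
        ok = gen_tcp:send(Sock, <<"OK\r\n">>),
        %% OTP 18 API; on OTP 21 and later ssl:handshake/3 takes its place.
        case ssl:ssl_accept(Sock, SslOpts, 5000) of
            {ok, TlsSock} ->
                %% Active mode is re-enabled on the TLS socket, not the TCP one.
                ok = ssl:setopts(TlsSock, [{active, once}]),
                {ok, TlsSock};
            {error, Reason} ->
                gen_tcp:close(Sock),
                {error, {handshake_failed, Reason}}
        end
    end.
```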