[erlang-questions] How to use new_ssl in R12?

Ingela Anderton Andin
Thu Sep 4 09:15:27 CEST 2008


Hi,

Sorry for the delay in answering this. I promise we have not been
ignoring you, just been swamped with other things to do for R12B-4.
The new ssl-implementation is still very much a beta. I will look into
your particular problem as part of further development of ssl and
get back to you when I know more.

Regards Ingela Erlang/OTP, Ericsson

Hi,

I'm trying to use new_ssl to make a simple echo server, but so far, I 
cannot seem to get it working.

Here is a snippet of my code:

main() ->
    application:start(crypto),
    application:start(ssl),
    ssl:seed("TODO random here"),
    {ok, ListenSocket} = ssl:listen(12345, [
        {ssl_imp, new},
        {verify, 0},
        {cacertfile, "ca.pem"},
        {certfile, "crt.pem"},
        {keyfile, "key.pem"}
    ]),
    io:format("ready to accept connections at port 12345 ~p\n", 
[ListenSocket]),
    {ok, Socket} = ssl:transport_accept(ListenSocket),
    io:format("accepted connection from ~p\n", [ssl:peername(Socket)]),
    ok = ssl:ssl_accept(Socket),
    io:format("client connection ~p~n", [Socket]),
    loop(Socket).

loop(Socket) ->
    receive
        {ssl, Socket, Data} ->
            io:format("received data: ~p~n", [Data]),
            ssl:send(Socket, Data),
            loop(Socket);
...

This will open a listen socket at port 12345; after a connection is 
established, it will echo everything back to the client until the socket 
is closed.

If I comment out {ssl_imp, new}, it works as expected, though it does not
work with the new implementation; erl just crashes with the message:

{"init terminating in 
do_boot",{{try_clause,{error,esslerrssl}},[{ssl,ssl_accept,2},{echo_ssl,main,0},{init,start_it,1},{init,start_em,1}]}}

Before dying, it sends an SSL alert to the client, with the data (as 
seen in the client console):

connection lost: [('SSL routines', 'SSL3_READ_BYTES', 'tlsv1 alert 
internal error'), ('SSL routines', 'SSL3_READ_BYTES', 'ssl handshake 
failure')]


The code (and dummy certificates, etc) is at:

    http://ruilopes.com/tmp/echo_ssl/echo_ssl.erl
    http://ruilopes.com/tmp/echo_ssl/key.pem
    http://ruilopes.com/tmp/echo_ssl/crt.pem
    http://ruilopes.com/tmp/echo_ssl/ca.pem

The client (written in twisted/python) is at:

    http://ruilopes.com/tmp/echo_ssl/echo_ssl_client.py


Any idea how to make this work?


Thanks in advance!

Best regards,
Rui Lopes



