[erlang-questions] openssl s_client hangs when accessing, https service in inets application
Ingela Anderton Andin
ingela@REDACTED
Wed Jan 7 12:08:53 CET 2009
erlang-questions-request@REDACTED wrote:
Hi!
Yes there is an inconsistency here which is the root to the problem
of that https-servers does not always work as expected.
The inets application has been around for quite some time and gone
through some major rewrites, but with the need to keep old code around
for quite some while to retain backwards compatibility unfortunately
some legacy code did not get cleaned out creating the inconsistency.
Alas the old-apache-like configuration
files so to speak fixed the inconsistency so that it happens to work anyway.
When modernizing the API we alas did not write an explicit test-case for
using https (strictly speaking should not make any difference, have you
heard that one before ;)), if we had we could
have caught this a little earlier , but anyway this problem has already
been fixed for the upcoming release.
So the workaround until then is to use old style apache-like
configuration files.
Regards Ingela Erlang/OTP - Ericsson
> Hi,
>
> The documentation and code of inets application are not consistent,
> the corresponding option in {proplist_file, path()} to "SocketType"
> option in {file, path()} is "com_type", not "socket_type".
>
> Liu Yubao wrote:
>
>> Hi,
>>
>> The https services in inets application doesn't work, I guess
>> I got something wrong. Below is the steps to recur:
>>
>> a. use gen-cert.sh to generate server.pem;
>> (All scripts and configuration are provided at
>> http://jff.googlecode.com/files/inets-https-test.tar
>> )
>>
>> b. execute runerl.sh and input these clauses in the erlang shell:
>> application:start(ssl).
>> application:start(inets).
>>
>> c. execute `openssl s_client -connect localhost:8443 -debug -msg`,
>> you can see openssl hangs after sending a CLIENT-HELLO message,
>> the TCP connection is established successfully but https server
>> doesn't response to the CLIENT-HELLO message.
>>
>>
>> I tested "ssl:listen" in erlang shell and succeed to communication between
>> openssl and erlang shell:
>>
>> application:start(ssl).
>> {ok, S} = ssl:listen(8443, [{certfile, "server.pem"}, {active, false}]).
>> {ok, S2} = ssl:accept(S).
>> # execute in another bash: openssl s_client -connect localhost:8443
>> ssl:send(S2, <<"hello world\n">>).
>> # "openssl s_client" can receive this greeting.
>>
>>
>> I tested against the latest erlang 5.6.5 under Windows XP and 5.6.3 under
>> Debian Lenny.
>>
>> I'm looking forward your help!
>>
>>
More information about the erlang-questions
mailing list