[erlang-questions] openssl s_client hangs when accessing, https service in inets application

Ingela Anderton Andin <>
Wed Jan 7 12:08:53 CET 2009


 wrote:

Hi!

Yes there is an inconsistency here which is the root  to the problem
of that  https-servers does not always work as expected.
The inets application has been around for quite some time and gone
through some major rewrites, but with the need to keep old code around
for quite some while to retain backwards compatibility unfortunately
some legacy code did not get cleaned out creating the inconsistency.  
Alas the old-apache-like configuration
files so to speak fixed the inconsistency so that it happens to work anyway.
When modernizing the API we alas did not write an explicit test-case for
using https  (strictly speaking should not make any difference, have you 
heard that one before ;)),  if we had we could
have caught this a little earlier , but  anyway this problem has already 
been fixed for the upcoming release.

So the workaround until then is to use old style apache-like 
configuration files.

Regards Ingela Erlang/OTP - Ericsson

> Hi,
>
> The documentation and code of inets application are not consistent,
> the corresponding option in {proplist_file, path()} to "SocketType"
> option in {file, path()} is "com_type", not "socket_type".
>
> Liu Yubao wrote:
>   
>> Hi,
>>
>> The https services in inets application doesn't work, I guess
>> I got something wrong. Below is the steps to recur:
>>
>>    a. use gen-cert.sh to generate server.pem; 
>>       (All scripts and configuration are provided at
>>           http://jff.googlecode.com/files/inets-https-test.tar
>>       )
>>
>>    b. execute runerl.sh and input these clauses in the erlang shell:
>>          application:start(ssl).
>>          application:start(inets).
>>
>>    c. execute `openssl s_client -connect localhost:8443 -debug -msg`,
>>       you can see openssl hangs after sending a CLIENT-HELLO message,
>>       the TCP connection is established successfully but https server
>>       doesn't response to the CLIENT-HELLO message.
>>
>>
>> I tested "ssl:listen" in erlang shell and succeed to communication between
>> openssl and erlang shell:
>>
>>      application:start(ssl).
>>      {ok, S} = ssl:listen(8443, [{certfile, "server.pem"}, {active, false}]).
>>      {ok, S2} = ssl:accept(S).
>>          # execute in another bash: openssl s_client -connect localhost:8443
>>      ssl:send(S2, <<"hello world\n">>).
>>          # "openssl s_client" can receive this greeting.
>>
>>
>> I tested against the latest erlang 5.6.5 under Windows XP and 5.6.3 under
>> Debian Lenny.
>>
>> I'm looking forward your help!
>>
>>     




More information about the erlang-questions mailing list