[erlang-questions] Re: ssl and {active, once} - bug?

Ingela Andin ingela@REDACTED
Thu Apr 22 23:29:08 CEST 2010


Hi

2010/4/21 Roberto Ostinelli <roberto@REDACTED>:
> hi!
>
>>> but i've decided to go for the httpd
>>> option in ssl.
>>
>> Sorry I do not  understand what you mean by that?
>
> i meant that i'm handling the switch myself to httph, so patch is
> currenlty not needed.

Ahh, I see.

>>
>> Are you writing your own http server? Could you explain more what yoy
>> are trying to do?
>
> i was adding SSL support to misultin http://code.google.com/p/misultin/w/list
>
> as said, what i'm still missing is some kind of response in the case:
>
> . a http request is done on a https server [currently, it timeouts]
> . a https request is done on a http server [currently, it shuts down
> the connection].
>
> it is not clear how to provide some kind of http response on a SSL
> socket, since the socket is not created unless SSL is used [and thus,
> it timeouts].
>
> in the same way, a non-SSL socket will simply do not understand
> incoming tcp data which is part of the SSL negotiation [and thus, only
> available option is to send a 403 error which is of course
> mis-interpreted by the browser which initiated a SSL negitiation.
>
> hope this is more clear :)
>
> r.

Yes I understand better now. You should look at the RFC2817. You have
to use upgrade
from tcp to tls(ssl) to be able to handle http and https request on
the same port.
The old erlang ssl implementation does not support that. But new ssl
does support socket upgrade :)

Regards Ingela Erlang/OTP team Ericsson AB


More information about the erlang-questions mailing list