Still problems with new SSL?

Steve Davis <>
Wed Jul 14 03:22:33 CEST 2010


Hi Ingela,

Thanks for the reply. Looking at that thread, it does seem that is the
same issue.

I guess I'll have to brave those other rfc's and dig further, since
interoperability with Google's https comes rather high on my priority
list!

Regards,
Steve


On Jul 13, 3:53 pm, Ingela Andin <> wrote:
> Hi!
>
> I have tested this with different openssl servers both with and
> without secure renegotiation and it works fine.
> I rather suspect that you  have the same problem as disucssed  by the
> thread  "New SSL related observation / question"
> e.i. that the padding is incorrect.  I get the same error as you with
> the goggle server when trying it from home.
> (Behinde a firewall at work).
>
> Regards Ingela Erlang OTP/Team, Ericsson AB
>
> 2010/7/11 Steve Davis <>:
>
>
>
>
>
> > Can anyone make the code below (specifically againsthttps://www.google.com)
> > work for
>
> > ssltest:run(new)?
>
> > I'm using the key.pem and cert.pem copied from ERLANG_HOME/lib/ssl-4.0/
> > examples/certs/etc/client
>
> > My results are:
> > 2> ssltest:run(old).
> > {ok,<<"HTTP/1.1 200 OK\r\nDate: Sun, 11 Jul 2010 16:20:13 GMT\r
> > \nExpires: -1\r\nCache-Control: private, max-age=0\r\nConten"...>>}
> > 3> ssltest:run(new).
>
> > =ERROR REPORT==== 11-Jul-2010::11:20:17 ===
> > SSL: decipher_error: ./ssl_record.erl:680:Fatal error: bad record mac
> > {error,"bad record mac"}
> > 4>
>
> > ----- module ssltest.erl ------
> > -module(ssltest).
>
> > -export([run/1]).
>
> > -define(HOST, "www.google.com").
> > -define(PORT, 443).
> > -define(REQUEST,
> >        <<"GET / HTTP/1.1\r\n",
> >        "Connection: close\r\n",
> >        "User-Agent: Mozilla/5.0 (Windows NT 5.1; en-US) Test/1.0.0\r\n",
> >        "Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/
> > plain;q=0.8,image/png,*/*;q=0.5\r\n",
> >        "Accept-Language: en-US,en;q=0.8\r\n",
> >        "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3\r\n",
> >        "\r\n">>).
>
> > run(Impl) when Impl =:= old; Impl =:= new ->
> >        Opts = [binary, {ip, {0, 0, 0, 0}}, {active, false}, {packet, 0},
> >                {ssl_imp, Impl}, {verify, 0}, {depth, 1},
> >                {keyfile, "./key.pem"},
> >                {certfile, "./cert.pem"}],
> >        ssl:start(),
> >        {ok, Socket} = ssl:connect(?HOST, ?PORT, Opts),
> >        ok = ssl:send(Socket, ?REQUEST),
> >        catch ssl:recv(Socket, 0, 10000).
>
> > ________________________________________________________________
> > erlang-questions (at) erlang.org mailing list.
> > Seehttp://www.erlang.org/faq.html
> > To unsubscribe; mailto:
>
> ________________________________________________________________
> erlang-questions (at) erlang.org mailing list.
> Seehttp://www.erlang.org/faq.html
> To unsubscribe; mailto:


More information about the erlang-questions mailing list