'new' SSL API crash
org.erlang@REDACTED
org.erlang@REDACTED
Mon May 3 20:53:12 CEST 2010
Hello. Is the 'ssl_new' module known to be broken, currently?
I've tried using the 'old' ssl module but it seems to have no way to
actually fail SSL handshakes for non-verified connections and the like,
so I'm forced to use the new implementation.
However, I can't get it to do anything without crashing. I know the
certificates are valid as I've tested them using the openssl s_client
and s_server command line utilities.
Test program:
-module (sslserv_new).
-export ([start/0]).
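%% Listener options for the test server: plain socket options followed by
%% the TLS options handed to ssl:listen/2.
%%
%% On the server side {verify, verify_peer} only requests a client
%% certificate; a client that sends none is still accepted unless
%% {fail_if_no_peer_cert, true} is also set. It is added here so that
%% handshakes from unauthenticated clients fail, which is the stated goal
%% of this test.
%%
%% NOTE(review): the ssl_options record printed in the error report on this
%% page shows verify_none in its verify field -- confirm that verify_peer
%% actually takes effect on the accepted connection with this ssl version.
server_ssl_settings() ->
    [
        %% Socket options.
        {active, false},
        {reuseaddr, true},

        %% SSL options.
        {cacertfile, "TEST_CA/ca-cert.pem"},
        {certfile, "TEST_CA/hosts/pacifico_server/cert.pem"},
        %% The key loaded from this file is held in the connection process
        %% state, so it appears in any crash report for that process.
        {keyfile, "TEST_CA/hosts/pacifico_server/key.pem"},
        {ssl_imp, new},
        {verify, verify_peer},
        {fail_if_no_peer_cert, true},
        %% Limits the length of the certificate chain that is accepted.
        {depth, 1},
        %% Offers every suite the ssl application reports, which may include
        %% weak legacy suites; pin an explicit list outside of a test setup.
        {ciphers, ssl:cipher_suites()},
        {reuse_sessions, false}
    ].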
%% Accept a single TLS connection on port 10000, print each step and the
%% handshake result to stdout, then close the listening socket.
%%
%% Only ok | {error, Reason} from ssl:ssl_accept/1 is handled. If the
%% connection process crashes instead, the exit propagates to the caller
%% (as in the report on this page) and neither close call is reached.
%% The resulting error report prints the connection state, which on this
%% page includes the decoded RSA private key, so treat such output as
%% sensitive before sharing it.
start() ->
    io:format("ssl:listen\n"),
    {ok, Listener} = ssl:listen(10000, server_ssl_settings()),
    io:format("ssl:transport_accept\n"),
    {ok, Conn} = ssl:transport_accept(Listener),
    io:format("ssl:ssl_accept\n"),
    HandshakeResult = ssl:ssl_accept(Conn),
    case HandshakeResult of
        {error, Reason} ->
            %% The accepted socket is not closed explicitly on this path.
            io:format("ssl:ssl_accept: error ~w\n", [Reason]);
        ok ->
            io:format("ssl:ssl_accept: accepted\n"),
            io:format("ssl:close\n"),
            ok = ssl:close(Conn)
    end,
    %% Second "ssl:close" line refers to the listening socket.
    io:format("ssl:close\n"),
    ok = ssl:close(Listener).
--
Erlang R13B03 (erts-5.7.4) [source] [64-bit] [smp:8:8] [rq:8] [async-threads:0] [hipe] [kernel-poll:false]
Eshell V5.7.4 (abort with ^G)
application:start (sasl),
application:start (crypto),
application:start (ssl),
--
1> ssl:versions().
[{ssl_app,"3.10.7"},
{supported,[tlsv1,sslv3]},
{available,[tlsv1,sslv3]}]
2> sslserv_new:start().
ssl:listen
ssl:transport_accept
ssl:ssl_accept
Then, on connecting with 'openssl s_client' and a known, verifiable test certificate, the call fails with:
** exception exit: {{function_clause,[{pubkey_cert,select_extension,
[{2,5,29,35},asn1_NOVALUE]},
{pubkey_cert,issuer_id,2},
{ssl_certificate,certificate_chain,4},
{ssl_handshake,certificate,3},
{ssl_connection,certify_server,1},
{ssl_connection,server_certify_and_key_exchange,1},
{ssl_connection,do_server_hello,2},
{lists,foldl,3}]},
{gen_fsm,sync_send_all_state_event,
[<0.60.0>,started,infinity]}}
in function gen_fsm:sync_send_all_state_event/3
in call from ssl:ssl_accept/2
in call from sslserv_new:start/0
3>
=ERROR REPORT==== 3-May-2010::15:57:29 ===
** State machine <0.60.0> terminating
** Last event in was {ssl_tls,undefined,22,
{3,1},
<<1,0,0,133,3,1,0,93,0,0,0,32,0,0,57,0,0,56,0,0,
53,0,0,136,0,0,135,0,0,132,0,0,22,0,0,19,0,0,
10,7,0,192,0,0,51,0,0,50,0,0,47,0,0,69,0,0,68,
0,0,65,3,0,128,0,0,5,0,0,4,1,0,128,0,0,21,0,0,
18,0,0,9,6,0,64,0,0,20,0,0,17,0,0,8,0,0,6,4,0,
128,0,0,3,2,0,128,198,211,40,132,76,120,105,
20,171,188,10,216,42,133,0,122,173,212,152,
167,161,137,84,183,0,215,233,12,153,221,99,235>>} (for all states)
** When State == hello
** Data == {state,server,
{#Ref<0.0.0.70>,<0.35.0>},
gen_tcp,tcp,tcp_closed,"localhost",10000,#Port<0.1154>,
{ssl_options,[],verify_none,#Fun<ssl.2.46498989>,false,
false,1,"TEST_CA/hosts/pacifico_server/cert.pem",
"TEST_CA/hosts/pacifico_server/key.pem",undefined,
undefined,"TEST_CA/ca-cert.pem",
[<<0,10>>,<<0,47>>,<<0,5>>,<<0,4>>,<<0,9>>],
#Fun<ssl.0.78632910>,false,[]},
{socket_options,list,0,0,0,false},
{connection_states,
{connection_state,
{security_parameters,undefined,0,0,0,undefined,
undefined,undefined,undefined,0,undefined,0,
undefined,undefined,undefined,undefined},
undefined,undefined,undefined,1},
{connection_state,
{security_parameters,undefined,0,undefined,
undefined,undefined,undefined,undefined,
undefined,undefined,undefined,undefined,
undefined,undefined,
<<75,222,242,105,194,191,18,141,171,244,247,
203,234,237,111,11,152,119,181,103,91,155,
92,85,84,17,57,121,20,164,73,110>>,
undefined},
undefined,undefined,undefined,undefined},
{connection_state,
{security_parameters,undefined,0,0,0,undefined,
undefined,undefined,undefined,0,undefined,0,
undefined,undefined,undefined,undefined},
undefined,undefined,undefined,0},
{connection_state,
{security_parameters,undefined,0,undefined,
undefined,undefined,undefined,undefined,
undefined,undefined,undefined,undefined,
undefined,undefined,
<<75,222,242,105,194,191,18,141,171,244,247,
203,234,237,111,11,152,119,181,103,91,155,
92,85,84,17,57,121,20,164,73,110>>,
undefined},
undefined,undefined,undefined,undefined}},
<<>>,<<>>,
{{<<1,35,69,103,137,171,205,239,254,220,186,152,118,84,50,
16,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,112,125,116,1,8,0,
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
98,101,97,109,0,0,0,0,113,0,0,0,0,0,0,0,3,0,0,0,0,0,0,
0,0,0,0,0>>,
<<1,35,69,103,137,171,205,239,254,220,186,152,118,84,
50,16,240,225,210,195,0,0,0,0,0,0,0,0,121,110,116,97,
120,95,116,111,111,108,115,45,49,46,54,46,52,47,101,
98,105,110,47,115,115,108,95,104,97,110,100,115,104,
97,107,101,46,98,101,97,109,0,0,0,193,1,0,0,0,0,0,0,
185,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0>>},
{<<1,35,69,103,137,171,205,239,254,220,186,152,118,84,50,
16,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,112,125,116,1,8,0,
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
98,101,97,109,0,0,0,0,113,0,0,0,0,0,0,0,3,0,0,0,0,0,0,
0,0,0,0,0>>,
<<1,35,69,103,137,171,205,239,254,220,186,152,118,84,
50,16,240,225,210,195,0,0,0,0,0,0,0,0,121,110,116,
97,120,95,116,111,111,108,115,45,49,46,54,46,52,47,
101,98,105,110,47,115,115,108,95,104,97,110,100,115,
104,97,107,101,46,98,101,97,109,0,0,0,193,1,0,0,0,0,
0,0,185,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0>>}},
[],
<<48,130,3,93,48,130,2,69,2,1,1,48,13,6,9,42,134,72,134,
247,13,1,1,5,5,0,48,129,136,49,17,48,15,6,3,85,4,10,19,
8,80,65,67,73,70,73,67,79,49,20,48,18,6,3,85,4,11,20,11,
112,97,99,105,102,105,99,111,95,99,97,49,36,48,34,6,9,
42,134,72,134,247,13,1,9,1,22,21,112,97,99,105,102,105,
99,111,95,99,97,64,108,111,99,97,108,104,111,115,116,49,
10,48,8,6,3,85,4,7,19,1,46,49,10,48,8,6,3,85,4,8,19,1,
46,49,11,48,9,6,3,85,4,6,19,2,90,90,49,18,48,16,6,3,85,
4,3,19,9,108,111,99,97,108,104,111,115,116,48,30,23,13,
49,48,48,53,48,50,49,51,52,57,52,51,90,23,13,50,48,48,
52,50,57,49,51,52,57,52,51,90,48,96,49,11,48,9,6,3,85,4,
6,19,2,90,90,49,10,48,8,6,3,85,4,8,19,1,46,49,17,48,15,
6,3,85,4,10,19,8,80,65,67,73,70,73,67,79,49,24,48,22,6,
3,85,4,11,20,15,112,97,99,105,102,105,99,111,95,115,101,
114,118,101,114,49,24,48,22,6,3,85,4,3,20,15,112,97,99,
105,102,105,99,111,95,115,101,114,118,101,114,48,130,1,
34,48,13,6,9,42,134,72,134,247,13,1,1,1,5,0,3,130,1,15,
0,48,130,1,10,2,130,1,1,0,240,234,138,84,118,47,107,232,
150,182,200,67,1,35,15,48,208,88,231,11,213,21,249,110,
226,145,33,249,255,250,114,58,255,247,130,249,140,60,
108,201,2,98,26,254,16,213,173,238,140,201,39,75,7,97,
209,120,94,80,69,11,72,117,162,83,84,194,57,232,106,19,
2,196,52,255,102,220,178,30,82,85,10,96,118,20,104,238,
54,214,183,157,110,205,247,220,236,34,209,225,95,113,
244,195,193,56,177,196,204,248,203,210,172,236,124,75,
60,246,172,183,76,9,253,155,20,101,63,66,12,109,213,186,
167,95,2,197,100,120,22,94,247,229,2,22,95,54,216,42,78,
230,204,144,123,218,153,113,128,155,236,88,228,171,169,
59,165,2,122,196,149,208,179,249,5,86,38,39,217,79,193,
7,121,41,193,201,3,43,109,225,62,195,67,173,248,3,245,
81,210,197,193,236,3,91,150,57,142,97,34,18,138,104,212,
252,188,6,165,221,221,243,166,115,40,247,179,191,163,
127,190,211,153,161,229,113,220,178,216,48,240,116,133,
103,20,107,225,88,214,163,63,233,4,175,50,61,6,22,240,
78,107,145,2,3,1,0,1,48,13,6,9,42,134,72,134,247,13,1,1,
5,5,0,3,130,1,1,0,103,56,251,221,227,238,147,176,66,136,
67,183,114,184,232,52,77,105,35,127,218,87,140,246,244,
131,178,205,126,183,13,38,12,90,3,172,190,31,142,5,170,
202,43,229,222,118,97,167,201,150,182,54,41,67,173,234,
202,139,219,152,255,34,15,191,247,240,37,69,210,46,137,
148,86,105,182,112,77,238,106,8,115,135,239,117,148,12,
71,65,61,149,149,238,4,8,48,118,236,135,158,183,156,215,
132,122,46,139,35,81,172,60,217,218,157,198,183,10,142,
41,67,186,92,144,238,232,144,223,150,33,7,141,63,164,
230,173,145,48,36,152,147,32,83,156,37,23,191,250,58,51,
26,228,110,156,248,226,26,247,42,10,180,228,98,202,249,
31,223,122,26,83,94,47,134,135,202,150,140,201,178,178,
137,77,116,240,36,174,17,44,221,75,61,53,196,213,107,79,
230,160,158,202,223,113,180,19,11,255,19,247,161,211,
221,185,204,232,155,16,207,175,83,7,237,175,220,121,90,
170,96,198,200,43,146,250,75,86,97,65,60,250,211,255,
104,133,172,217,210,30,144,86,10,90,96,157,85,79,59,249,
206,138>>,
{session,undefined,undefined,undefined,undefined,
undefined,false,undefined},
20499,ssl_session_cache,undefined,undefined,false,
undefined,undefined,
{'RSAPrivateKey','two-prime',
30412849349635586059878763176680338042806370928303169072580788733024438138591624114344661613699569307282187776490585714522517050565529617950655734681469324828571314711428867434319920530980711392758700590981596083356704738486321722811445451684075618202284684847604912244382636109829288466866694913244559971697849183994297490539908862341588923396172960090070282527346558060132865021448687169667310568206513992904712186265982889729037153800223846493957161193620543020688239671219777230989849538520312806141702778165525520364118176466217430310054602386812099554335308017341261109213665732076271625040081260558423830719377,
65537,
15199231804150546259658042484791966551963578848813856243560714914822915640833292103958537953118116384964424618816792863691594075974988046092098009948916868274565455708125634299346634071611627633962886925804052924579735878963676936497600941132620179791254257637877896314147191365262961154085247394502328039931767245176290407517156245147167225384726350170243685109653662879990481102526168621741076751484642682168826381020813101510533444174790316691177259394914972358200408962095948054841259799747816506752270496315220170738960924479086469481940145231690103702610522190880399648129761477972116477505211965989493531309937,
176191409302436409962613455746475864610360333729834662591534394409663736050830385559280211933901474704302550960882948381498437634097559237504384892632519298195621737913663090630551501287500290638791916696994910572811737440764017948768162498168387518624603640493626338734757174408297008712871342547046062968773,
172612555118571442807091000766318626155131399021717029980434951225715253087609998682422104752170804119306391847675331885937326037489735337859546704781797012286523769446860097366850215779124291431114338493212796775116102030799794358724497530713924646525414698841688697157985955712166061805209593917296689331549,
115903444433627393782263321545723293331734054164222225210892027584256572449507905186866785127399184849045448785046396243696852820257472478863680691688255061778989645008679725395796822001414659353031068139231954233716215642251222085345576111525329549764925342157273276401618189772044808880926946913777711318945,
160346862926570173155556405185673405256944925346630648110363303639494401757384328238794234360928308509443110543455974567280534799615104252084916968843795140271961900665652116021390071816425635325483939262810245627188737532006217565026586655932736202152482519271281991592202648637512700347912783277919685772993,
153756145373284063246387226074130484888653092242571108769579800148375684177761146700330667363028796981671449245310468559005581499287242595226649317375919855635375141187450874362896818902873290546399632649342407712407283763334294537805123192425374231179698233819636663246910878178808591809105825780945571002589,
asn1_NOVALUE},
undefined,undefined,#Ref<0.0.0.73>,
{<0.35.0>,#Ref<0.0.0.80>},
0,<<>>,true}
** Reason for termination =
** {function_clause,[{pubkey_cert,select_extension,[{2,5,29,35},asn1_NOVALUE]},
{pubkey_cert,issuer_id,2},
{ssl_certificate,certificate_chain,4},
{ssl_handshake,certificate,3},
{ssl_connection,certify_server,1},
{ssl_connection,server_certify_and_key_exchange,1},
{ssl_connection,do_server_hello,2},
{lists,foldl,3}]}
=CRASH REPORT==== 3-May-2010::15:57:29 ===
crasher:
initial call: ssl_connection:init/1
pid: <0.60.0>
registered_name: []
exception exit: {function_clause,
[{pubkey_cert,select_extension,
[{2,5,29,35},asn1_NOVALUE]},
{pubkey_cert,issuer_id,2},
{ssl_certificate,certificate_chain,4},
{ssl_handshake,certificate,3},
{ssl_connection,certify_server,1},
{ssl_connection,server_certify_and_key_exchange,1},
{ssl_connection,do_server_hello,2},
{lists,foldl,3}]}
in function gen_fsm:terminate/7
ancestors: [ssl_connection_sup,ssl_sup,<0.50.0>]
messages: []
links: [<0.54.0>]
dictionary: []
trap_exit: false
status: running
heap_size: 610
stack_size: 24
reductions: 1822
neighbours:
=SUPERVISOR REPORT==== 3-May-2010::15:57:29 ===
Supervisor: {local,ssl_connection_sup}
Context: child_terminated
Reason: {function_clause,
[{pubkey_cert,select_extension,
[{2,5,29,35},asn1_NOVALUE]},
{pubkey_cert,issuer_id,2},
{ssl_certificate,certificate_chain,4},
{ssl_handshake,certificate,3},
{ssl_connection,certify_server,1},
{ssl_connection,server_certify_and_key_exchange,1},
{ssl_connection,do_server_hello,2},
{lists,foldl,3}]}
Offender: [{pid,<0.60.0>},
{name,undefined},
{mfa,
{ssl_connection,start_link,
[server,"localhost",10000,#Port<0.1154>,
{{ssl_options,[],verify_none,#Fun<ssl.2.46498989>,
false,false,1,
"TEST_CA/hosts/pacifico_server/cert.pem",
"TEST_CA/hosts/pacifico_server/key.pem",
undefined,[],"TEST_CA/ca-cert.pem",
[<<0,10>>,<<0,47>>,<<0,5>>,<<0,4>>,<<0,9>>],
#Fun<ssl.0.78632910>,false,[]},
{socket_options,list,0,0,0,false}},
<0.35.0>,
{gen_tcp,tcp,tcp_closed}]}},
{restart_type,temporary},
{shutdown,4000},
{child_type,worker}]
Any ideas what might be going on?
Regards,
M