[erlang-questions] 'new' SSL API crash
Brady McCary
brady.mccary@REDACTED
Mon May 3 21:26:17 CEST 2010
M,
I think you have just disclosed a private encryption key on this list.
Hopefully it is a dummy key.
Brady
On Mon, May 3, 2010 at 1:53 PM, <org.erlang@REDACTED> wrote:
> Hello. Is the 'ssl_new' module known to be broken, currently?
>
> I've tried using the 'old' ssl module but it seems to have no way to
> actually fail SSL handshakes for non-verified connections and the like,
> so I'm forced to use the new implementation.
>
> However, I can't get it to do anything without crashing. I know the
> certificates are valid as I've tested them using the openssl s_client
> and s_server command line utilities.
>
> Test program:
>
> -module (sslserv_new).
> -export ([start/0]).
>
> server_ssl_settings () -> [
> %% Socket options.
> {active, false},
> {reuseaddr, true},
>
> %% SSL options.
> {cacertfile, "TEST_CA/ca-cert.pem"},
> {certfile, "TEST_CA/hosts/pacifico_server/cert.pem"},
> {keyfile, "TEST_CA/hosts/pacifico_server/key.pem"},
> {ssl_imp, new},
> {verify, verify_peer},
> {depth, 1},
> {ciphers, ssl:cipher_suites()},
> {reuse_sessions, false}
> ].
>
> start() ->
> io:format ("ssl:listen\n"),
> {ok, Socket} = ssl:listen (10000, server_ssl_settings ()),
>
> io:format ("ssl:transport_accept\n"),
> {ok, Client_Socket} = ssl:transport_accept (Socket),
>
> io:format ("ssl:ssl_accept\n"),
> case ssl:ssl_accept (Client_Socket) of
> ok ->
> io:format ("ssl:ssl_accept: accepted\n"),
> io:format ("ssl:close\n"),
> ok = ssl:close (Client_Socket);
> {error, Reason} ->
> io:format ("ssl:ssl_accept: error ~w\n", [Reason])
> end,
>
> io:format ("ssl:close\n"),
> ok = ssl:close (Socket).
>
> --
>
> Erlang R13B03 (erts-5.7.4) [source] [64-bit] [smp:8:8] [rq:8] [async-threads:0] [hipe] [kernel-poll:false]
> Eshell V5.7.4 (abort with ^G)
>
> application:start (sasl),
> application:start (crypto),
> application:start (ssl),
>
> --
>
> 1> ssl:versions().
> [{ssl_app,"3.10.7"},
> {supported,[tlsv1,sslv3]},
> {available,[tlsv1,sslv3]}]
> 2> sslserv_new:start().
> ssl:listen
> ssl:transport_accept
> ssl:ssl_accept
>
> Then, connecting using 'openssl s_client' using a known, verifiable test certificate:
>
> ** exception exit: {{function_clause,[{pubkey_cert,select_extension,
> [{2,5,29,35},asn1_NOVALUE]},
> {pubkey_cert,issuer_id,2},
> {ssl_certificate,certificate_chain,4},
> {ssl_handshake,certificate,3},
> {ssl_connection,certify_server,1},
> {ssl_connection,server_certify_and_key_exchange,1},
> {ssl_connection,do_server_hello,2},
> {lists,foldl,3}]},
> {gen_fsm,sync_send_all_state_event,
> [<0.60.0>,started,infinity]}}
> in function gen_fsm:sync_send_all_state_event/3
> in call from ssl:ssl_accept/2
> in call from sslserv_new:start/0
> 3>
> =ERROR REPORT==== 3-May-2010::15:57:29 ===
> ** State machine <0.60.0> terminating
> ** Last event in was {ssl_tls,undefined,22,
> {3,1},
> <<1,0,0,133,3,1,0,93,0,0,0,32,0,0,57,0,0,56,0,0,
> 53,0,0,136,0,0,135,0,0,132,0,0,22,0,0,19,0,0,
> 10,7,0,192,0,0,51,0,0,50,0,0,47,0,0,69,0,0,68,
> 0,0,65,3,0,128,0,0,5,0,0,4,1,0,128,0,0,21,0,0,
> 18,0,0,9,6,0,64,0,0,20,0,0,17,0,0,8,0,0,6,4,0,
> 128,0,0,3,2,0,128,198,211,40,132,76,120,105,
> 20,171,188,10,216,42,133,0,122,173,212,152,
> 167,161,137,84,183,0,215,233,12,153,221,99,235>>} (for all states)
> ** When State == hello
> ** Data == {state,server,
> {#Ref<0.0.0.70>,<0.35.0>},
> gen_tcp,tcp,tcp_closed,"localhost",10000,#Port<0.1154>,
> {ssl_options,[],verify_none,#Fun<ssl.2.46498989>,false,
> false,1,"TEST_CA/hosts/pacifico_server/cert.pem",
> "TEST_CA/hosts/pacifico_server/key.pem",undefined,
> undefined,"TEST_CA/ca-cert.pem",
> [<<0,10>>,<<0,47>>,<<0,5>>,<<0,4>>,<<0,9>>],
> #Fun<ssl.0.78632910>,false,[]},
> {socket_options,list,0,0,0,false},
> {connection_states,
> {connection_state,
> {security_parameters,undefined,0,0,0,undefined,
> undefined,undefined,undefined,0,undefined,0,
> undefined,undefined,undefined,undefined},
> undefined,undefined,undefined,1},
> {connection_state,
> {security_parameters,undefined,0,undefined,
> undefined,undefined,undefined,undefined,
> undefined,undefined,undefined,undefined,
> undefined,undefined,
> <<75,222,242,105,194,191,18,141,171,244,247,
> 203,234,237,111,11,152,119,181,103,91,155,
> 92,85,84,17,57,121,20,164,73,110>>,
> undefined},
> undefined,undefined,undefined,undefined},
> {connection_state,
> {security_parameters,undefined,0,0,0,undefined,
> undefined,undefined,undefined,0,undefined,0,
> undefined,undefined,undefined,undefined},
> undefined,undefined,undefined,0},
> {connection_state,
> {security_parameters,undefined,0,undefined,
> undefined,undefined,undefined,undefined,
> undefined,undefined,undefined,undefined,
> undefined,undefined,
> <<75,222,242,105,194,191,18,141,171,244,247,
> 203,234,237,111,11,152,119,181,103,91,155,
> 92,85,84,17,57,121,20,164,73,110>>,
> undefined},
> undefined,undefined,undefined,undefined}},
> <<>>,<<>>,
> {{<<1,35,69,103,137,171,205,239,254,220,186,152,118,84,50,
> 16,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,112,125,116,1,8,0,
> 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
> 98,101,97,109,0,0,0,0,113,0,0,0,0,0,0,0,3,0,0,0,0,0,0,
> 0,0,0,0,0>>,
> <<1,35,69,103,137,171,205,239,254,220,186,152,118,84,
> 50,16,240,225,210,195,0,0,0,0,0,0,0,0,121,110,116,97,
> 120,95,116,111,111,108,115,45,49,46,54,46,52,47,101,
> 98,105,110,47,115,115,108,95,104,97,110,100,115,104,
> 97,107,101,46,98,101,97,109,0,0,0,193,1,0,0,0,0,0,0,
> 185,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0>>},
> {<<1,35,69,103,137,171,205,239,254,220,186,152,118,84,50,
> 16,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,112,125,116,1,8,0,
> 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
> 98,101,97,109,0,0,0,0,113,0,0,0,0,0,0,0,3,0,0,0,0,0,0,
> 0,0,0,0,0>>,
> <<1,35,69,103,137,171,205,239,254,220,186,152,118,84,
> 50,16,240,225,210,195,0,0,0,0,0,0,0,0,121,110,116,
> 97,120,95,116,111,111,108,115,45,49,46,54,46,52,47,
> 101,98,105,110,47,115,115,108,95,104,97,110,100,115,
> 104,97,107,101,46,98,101,97,109,0,0,0,193,1,0,0,0,0,
> 0,0,185,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0>>}},
> [],
> <<48,130,3,93,48,130,2,69,2,1,1,48,13,6,9,42,134,72,134,
> 247,13,1,1,5,5,0,48,129,136,49,17,48,15,6,3,85,4,10,19,
> 8,80,65,67,73,70,73,67,79,49,20,48,18,6,3,85,4,11,20,11,
> 112,97,99,105,102,105,99,111,95,99,97,49,36,48,34,6,9,
> 42,134,72,134,247,13,1,9,1,22,21,112,97,99,105,102,105,
> 99,111,95,99,97,64,108,111,99,97,108,104,111,115,116,49,
> 10,48,8,6,3,85,4,7,19,1,46,49,10,48,8,6,3,85,4,8,19,1,
> 46,49,11,48,9,6,3,85,4,6,19,2,90,90,49,18,48,16,6,3,85,
> 4,3,19,9,108,111,99,97,108,104,111,115,116,48,30,23,13,
> 49,48,48,53,48,50,49,51,52,57,52,51,90,23,13,50,48,48,
> 52,50,57,49,51,52,57,52,51,90,48,96,49,11,48,9,6,3,85,4,
> 6,19,2,90,90,49,10,48,8,6,3,85,4,8,19,1,46,49,17,48,15,
> 6,3,85,4,10,19,8,80,65,67,73,70,73,67,79,49,24,48,22,6,
> 3,85,4,11,20,15,112,97,99,105,102,105,99,111,95,115,101,
> 114,118,101,114,49,24,48,22,6,3,85,4,3,20,15,112,97,99,
> 105,102,105,99,111,95,115,101,114,118,101,114,48,130,1,
> 34,48,13,6,9,42,134,72,134,247,13,1,1,1,5,0,3,130,1,15,
> 0,48,130,1,10,2,130,1,1,0,240,234,138,84,118,47,107,232,
> 150,182,200,67,1,35,15,48,208,88,231,11,213,21,249,110,
> 226,145,33,249,255,250,114,58,255,247,130,249,140,60,
> 108,201,2,98,26,254,16,213,173,238,140,201,39,75,7,97,
> 209,120,94,80,69,11,72,117,162,83,84,194,57,232,106,19,
> 2,196,52,255,102,220,178,30,82,85,10,96,118,20,104,238,
> 54,214,183,157,110,205,247,220,236,34,209,225,95,113,
> 244,195,193,56,177,196,204,248,203,210,172,236,124,75,
> 60,246,172,183,76,9,253,155,20,101,63,66,12,109,213,186,
> 167,95,2,197,100,120,22,94,247,229,2,22,95,54,216,42,78,
> 230,204,144,123,218,153,113,128,155,236,88,228,171,169,
> 59,165,2,122,196,149,208,179,249,5,86,38,39,217,79,193,
> 7,121,41,193,201,3,43,109,225,62,195,67,173,248,3,245,
> 81,210,197,193,236,3,91,150,57,142,97,34,18,138,104,212,
> 252,188,6,165,221,221,243,166,115,40,247,179,191,163,
> 127,190,211,153,161,229,113,220,178,216,48,240,116,133,
> 103,20,107,225,88,214,163,63,233,4,175,50,61,6,22,240,
> 78,107,145,2,3,1,0,1,48,13,6,9,42,134,72,134,247,13,1,1,
> 5,5,0,3,130,1,1,0,103,56,251,221,227,238,147,176,66,136,
> 67,183,114,184,232,52,77,105,35,127,218,87,140,246,244,
> 131,178,205,126,183,13,38,12,90,3,172,190,31,142,5,170,
> 202,43,229,222,118,97,167,201,150,182,54,41,67,173,234,
> 202,139,219,152,255,34,15,191,247,240,37,69,210,46,137,
> 148,86,105,182,112,77,238,106,8,115,135,239,117,148,12,
> 71,65,61,149,149,238,4,8,48,118,236,135,158,183,156,215,
> 132,122,46,139,35,81,172,60,217,218,157,198,183,10,142,
> 41,67,186,92,144,238,232,144,223,150,33,7,141,63,164,
> 230,173,145,48,36,152,147,32,83,156,37,23,191,250,58,51,
> 26,228,110,156,248,226,26,247,42,10,180,228,98,202,249,
> 31,223,122,26,83,94,47,134,135,202,150,140,201,178,178,
> 137,77,116,240,36,174,17,44,221,75,61,53,196,213,107,79,
> 230,160,158,202,223,113,180,19,11,255,19,247,161,211,
> 221,185,204,232,155,16,207,175,83,7,237,175,220,121,90,
> 170,96,198,200,43,146,250,75,86,97,65,60,250,211,255,
> 104,133,172,217,210,30,144,86,10,90,96,157,85,79,59,249,
> 206,138>>,
> {session,undefined,undefined,undefined,undefined,
> undefined,false,undefined},
> 20499,ssl_session_cache,undefined,undefined,false,
> undefined,undefined,
> {'RSAPrivateKey','two-prime',
> 30412849349635586059878763176680338042806370928303169072580788733024438138591624114344661613699569307282187776490585714522517050565529617950655734681469324828571314711428867434319920530980711392758700590981596083356704738486321722811445451684075618202284684847604912244382636109829288466866694913244559971697849183994297490539908862341588923396172960090070282527346558060132865021448687169667310568206513992904712186265982889729037153800223846493957161193620543020688239671219777230989849538520312806141702778165525520364118176466217430310054602386812099554335308017341261109213665732076271625040081260558423830719377,
> 65537,
> 15199231804150546259658042484791966551963578848813856243560714914822915640833292103958537953118116384964424618816792863691594075974988046092098009948916868274565455708125634299346634071611627633962886925804052924579735878963676936497600941132620179791254257637877896314147191365262961154085247394502328039931767245176290407517156245147167225384726350170243685109653662879990481102526168621741076751484642682168826381020813101510533444174790316691177259394914972358200408962095948054841259799747816506752270496315220170738960924479086469481940145231690103702610522190880399648129761477972116477505211965989493531309937,
> 176191409302436409962613455746475864610360333729834662591534394409663736050830385559280211933901474704302550960882948381498437634097559237504384892632519298195621737913663090630551501287500290638791916696994910572811737440764017948768162498168387518624603640493626338734757174408297008712871342547046062968773,
> 172612555118571442807091000766318626155131399021717029980434951225715253087609998682422104752170804119306391847675331885937326037489735337859546704781797012286523769446860097366850215779124291431114338493212796775116102030799794358724497530713924646525414698841688697157985955712166061805209593917296689331549,
> 115903444433627393782263321545723293331734054164222225210892027584256572449507905186866785127399184849045448785046396243696852820257472478863680691688255061778989645008679725395796822001414659353031068139231954233716215642251222085345576111525329549764925342157273276401618189772044808880926946913777711318945,
> 160346862926570173155556405185673405256944925346630648110363303639494401757384328238794234360928308509443110543455974567280534799615104252084916968843795140271961900665652116021390071816425635325483939262810245627188737532006217565026586655932736202152482519271281991592202648637512700347912783277919685772993,
> 153756145373284063246387226074130484888653092242571108769579800148375684177761146700330667363028796981671449245310468559005581499287242595226649317375919855635375141187450874362896818902873290546399632649342407712407283763334294537805123192425374231179698233819636663246910878178808591809105825780945571002589,
> asn1_NOVALUE},
> undefined,undefined,#Ref<0.0.0.73>,
> {<0.35.0>,#Ref<0.0.0.80>},
> 0,<<>>,true}
> ** Reason for termination =
> ** {function_clause,[{pubkey_cert,select_extension,[{2,5,29,35},asn1_NOVALUE]},
> {pubkey_cert,issuer_id,2},
> {ssl_certificate,certificate_chain,4},
> {ssl_handshake,certificate,3},
> {ssl_connection,certify_server,1},
> {ssl_connection,server_certify_and_key_exchange,1},
> {ssl_connection,do_server_hello,2},
> {lists,foldl,3}]}
>
> =CRASH REPORT==== 3-May-2010::15:57:29 ===
> crasher:
> initial call: ssl_connection:init/1
> pid: <0.60.0>
> registered_name: []
> exception exit: {function_clause,
> [{pubkey_cert,select_extension,
> [{2,5,29,35},asn1_NOVALUE]},
> {pubkey_cert,issuer_id,2},
> {ssl_certificate,certificate_chain,4},
> {ssl_handshake,certificate,3},
> {ssl_connection,certify_server,1},
> {ssl_connection,server_certify_and_key_exchange,1},
> {ssl_connection,do_server_hello,2},
> {lists,foldl,3}]}
> in function gen_fsm:terminate/7
> ancestors: [ssl_connection_sup,ssl_sup,<0.50.0>]
> messages: []
> links: [<0.54.0>]
> dictionary: []
> trap_exit: false
> status: running
> heap_size: 610
> stack_size: 24
> reductions: 1822
> neighbours:
>
> =SUPERVISOR REPORT==== 3-May-2010::15:57:29 ===
> Supervisor: {local,ssl_connection_sup}
> Context: child_terminated
> Reason: {function_clause,
> [{pubkey_cert,select_extension,
> [{2,5,29,35},asn1_NOVALUE]},
> {pubkey_cert,issuer_id,2},
> {ssl_certificate,certificate_chain,4},
> {ssl_handshake,certificate,3},
> {ssl_connection,certify_server,1},
> {ssl_connection,server_certify_and_key_exchange,1},
> {ssl_connection,do_server_hello,2},
> {lists,foldl,3}]}
> Offender: [{pid,<0.60.0>},
> {name,undefined},
> {mfa,
> {ssl_connection,start_link,
> [server,"localhost",10000,#Port<0.1154>,
> {{ssl_options,[],verify_none,#Fun<ssl.2.46498989>,
> false,false,1,
> "TEST_CA/hosts/pacifico_server/cert.pem",
> "TEST_CA/hosts/pacifico_server/key.pem",
> undefined,[],"TEST_CA/ca-cert.pem",
> [<<0,10>>,<<0,47>>,<<0,5>>,<<0,4>>,<<0,9>>],
> #Fun<ssl.0.78632910>,false,[]},
> {socket_options,list,0,0,0,false}},
> <0.35.0>,
> {gen_tcp,tcp,tcp_closed}]}},
> {restart_type,temporary},
> {shutdown,4000},
> {child_type,worker}]
>
> Any ideas what might be going on?
>
> Regards,
> M
>
>
> ________________________________________________________________
> erlang-questions (at) erlang.org mailing list.
> See http://www.erlang.org/faq.html
> To unsubscribe; mailto:erlang-questions-unsubscribe@REDACTED
>
>
More information about the erlang-questions
mailing list