[erlang-questions] SSL crashes while decoding alert.

Ingela Andin <>
Fri Apr 11 17:18:20 CEST 2014


Hi!

This is what happens when I do what you say you do.

Erlang/OTP 17 [erts-6.0] [source-fa45816] [64-bit] [smp:8:8]
[async-threads:10] [hipe] [kernel-poll:false]

Eshell V6.0  (abort with ^G)
1>  inets:start().
ok
2>  ssl:start().
ok
3> httpc:request("https://somewhere.com").
{ok,{{"HTTP/1.1",200,"OK"},
     [{"cache-control","max-age=0, private, must-revalidate"},
      {"connection","keep-alive"},
      {"date","Fri, 11 Apr 2014 15:03:08 GMT"},
      {"etag","\"abf551bf9c340cc2649822f9e27e82ff\""},
      {"vary","Accept-Encoding"},
      {"content-length","41024"},
      {"content-type","text/html; charset=utf-8"},
      {"last-modified","Thu, 30 Jan 2014 17:12:43 GMT"},
      {"access-control-allow-methods","POST, GET, OPTIONS"},
      {"access-control-allow-origin","*"},
      {"access-control-max-age","1728000"},
      {"set-cookie",
       "_session_id=613ae6fdb421a8eb1cbc1d43509c4d53; path=/; expires=Fri,
18-Apr-2014 15:03:08 GMT; HttpOnly"},
      {"status","200 OK"},
      {"x-rack-cache","miss"},
      {"x-request-id","9b2a35c1-f4c8-47fa-bcdc-e7f80090fe72"},
      {"x-runtime","1.182360"},
      {"x-ua-compatible","IE=Edge,chrome=1"}],
     [60,33,68,79,67,84,89,80,69,32,104,116,109,108,62,60,104,
      116,109,108,62,60,104,101|...]}}

Regards Ingela Erlang/OTP team - Ericsson AB


2014-04-11 16:53 GMT+02:00 atul atri <>:

> Hi Ingela,
>
> I just tested this issue with erlang 17. This issue is not fixed.
>
> =============
> [ otp_src_17.0]# erl
> Erlang/OTP 17 [erts-6.0] [source] [64-bit] [smp:4:4] [async-threads:10]
> [hipe] [kernel-poll:false]
>
> Eshell V6.0  (abort with ^G)
> 1> inets:start().
> ok
> 2> ssl:start().
> ok
> 3> httpc:request("https://somewhere.com").
>
> {error,{failed_connect,[{to_address,{"somewhere.com",
>                                      443}},
>                         {inet,[inet],
>
> {eoptions,{{function_clause,[{tls_connection,handle_alert,
>
> [{alert,1,112,{"tls_connection.erl",375}},
>
> hello,
>
> {state,client,
>
> {#Ref<0.0.0.63>,<0.57.0>},
>
> gen_tcp,tls_connection,tcp,tcp_closed,tcp_error,...}],
>
> [{file,"tls_connection.erl"},{line,836}]},
>
> {tls_connection,handle_alerts,2,
>
> [{file,"tls_connection.erl"},{line,834}]},
>
> {gen_fsm,handle_msg,7,[{file,"gen_fsm.erl"},{line,503}]},
>
>
> {proc_lib,init_p_do_apply,3,
>
> [{file,"proc_lib.erl"},{line,239}]}]},
>
> {gen_fsm,sync_send_all_state_event,
>
> [<0.61.0>,{start,infinity},infinity]}}}}]}}
> =================
>
> Server sends alert warning 112 (unrecognized_name), but tls_connection.erl
> has no function to handle this alert. ssl_alert.hrl do mention this alert.
>
> I also found
> http://stackoverflow.com/questions/7615645/ssl-handshake-alert-unrecognized-name-error-since-upgrade-to-java-1-7-0.
> Java 1.7 is also behaving kind of same. I have not tested myself though. As
> first answer mentions, that most choose to ignore server alert warning 112
> (unrecognized_name). Erlang/Otp should also consider to ignore it. This
> thread mentions that we can disable SNI in java 1.7.  Do we have similar
> option in Erlang/Otp? Is disabling SNI right choice?
>
> Adding following function in tls_connection.erl solves the problem:
> =========
> handle_alert(#alert{level = ?WARNING, description = ?UNRECOGNISED_NAME} =
> Alert, StateName,
> #state{ssl_options = SslOpts} = State0) ->
>     log_alert(SslOpts#ssl_options.log_alert, StateName, Alert),
>     {Record, State} = next_record(State0),
>     next_state(StateName, StateName, Record, State).
> ===========
>
> This issue supposed to be fixed in
> https://github.com/erlang/otp/commit/d18e7b25a17a0c62c0beddc81f23b1dea18b7ef4.
> But It seems like you forgot to commit changes in file tls_connection.erl.
>
> Waiting for your kind reply to sort out this issue asap.
>
> Thanks & Regards,
> Atul Atri.
>
>
>
>
>
> On Fri, Apr 4, 2014 at 7:10 PM, Ingela Andin <>wrote:
>
>> Hi!
>>
>> This is fixed in the latest version 17.0 (comming soon) or check master
>> branch at github.
>>
>> Regards Ingela Erlang/OTP team - Ericsson AB
>>
>>
>> 2014-04-04 10:33 GMT+02:00 atul atri <>:
>>
>>>  Hi,
>>>
>>> I am using httpc to connect to a website that is using invalid
>>> certificate. But it is crashing while ssl handshake.
>>>
>>> ======
>>> 7> httpc:request(post, {"https://somewhere.com", [],
>>> "application/x-www-form-urlencoded", ""}, [{ssl, [{verify, verify_none}]}],
>>> []).                               {error,{failed_connect,[{to_address,{"
>>> somewhere.com",
>>>                                      443}},
>>>                         {inet,[inet],
>>>
>>> {eoptions,{{function_clause,[{tls_connection,handle_alert,
>>>
>>> [{alert,1,112,{"tls_connection.erl",375}},
>>>
>>> hello,
>>>
>>> {state,client,
>>>
>>> {#Ref<0.0.0.137>,<0.74.0>},
>>>
>>> gen_tcp,tls_connection,tcp,tcp_closed,tcp_error,...}],
>>>
>>> [{file,"tls_connection.erl"},{line,834}]},
>>>
>>> {tls_connection,handle_alerts,2,
>>>
>>> [{file,"tls_connection.erl"},{line,832}]},
>>>
>>> {gen_fsm,handle_msg,7,[{file,"gen_fsm.erl"},{line,505}]},
>>>
>>> {proc_lib,init_p_do_apply,3,
>>>
>>> [{file,"proc_lib.erl"},{line,239}]}]},
>>>
>>> {gen_fsm,sync_send_all_state_event,
>>>
>>> [<0.75.0>,{start,infinity},infinity]}}}}]}}
>>> =======
>>>
>>> I am able to browse website in Firefox.
>>>
>>> My elang version is
>>> ====
>>> [ ~]# erl
>>> Erlang R16B03-1 (erts-5.10.4) [source] [64-bit] [smp:2:2]
>>> [async-threads:10] [hipe] [kernel-poll:false]
>>>
>>> Eshell V5.10.4  (abort with ^G)
>>> ====
>>>
>>> I googled it and it looks some thing related to
>>> http://permalink.gmane.org/gmane.comp.lang.erlang.bugs/4302.
>>>
>>> Any help to fix or work around this is much appreciated.
>>>
>>> Thanks & Regards,
>>> Atul Atri.
>>>
>>>
>>> _______________________________________________
>>> erlang-questions mailing list
>>> 
>>> http://erlang.org/mailman/listinfo/erlang-questions
>>>
>>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20140411/b9db4741/attachment.html>


More information about the erlang-questions mailing list