[erlang-questions] SSL crashes while decoding alert.

Ingela Andin ingela.andin@REDACTED
Fri Apr 11 17:18:20 CEST 2014


Hi!

This is what happens when I do what you say you do.

Erlang/OTP 17 [erts-6.0] [source-fa45816] [64-bit] [smp:8:8]
[async-threads:10] [hipe] [kernel-poll:false]

Eshell V6.0  (abort with ^G)
1>  inets:start().
ok
2>  ssl:start().
ok
3> httpc:request("https://somewhere.com").
{ok,{{"HTTP/1.1",200,"OK"},
     [{"cache-control","max-age=0, private, must-revalidate"},
      {"connection","keep-alive"},
      {"date","Fri, 11 Apr 2014 15:03:08 GMT"},
      {"etag","\"abf551bf9c340cc2649822f9e27e82ff\""},
      {"vary","Accept-Encoding"},
      {"content-length","41024"},
      {"content-type","text/html; charset=utf-8"},
      {"last-modified","Thu, 30 Jan 2014 17:12:43 GMT"},
      {"access-control-allow-methods","POST, GET, OPTIONS"},
      {"access-control-allow-origin","*"},
      {"access-control-max-age","1728000"},
      {"set-cookie",
       "_session_id=613ae6fdb421a8eb1cbc1d43509c4d53; path=/; expires=Fri,
18-Apr-2014 15:03:08 GMT; HttpOnly"},
      {"status","200 OK"},
      {"x-rack-cache","miss"},
      {"x-request-id","9b2a35c1-f4c8-47fa-bcdc-e7f80090fe72"},
      {"x-runtime","1.182360"},
      {"x-ua-compatible","IE=Edge,chrome=1"}],
     [60,33,68,79,67,84,89,80,69,32,104,116,109,108,62,60,104,
      116,109,108,62,60,104,101|...]}}

Regards Ingela Erlang/OTP team - Ericsson AB


2014-04-11 16:53 GMT+02:00 atul atri <atulatri2004@REDACTED>:

> Hi Ingela,
>
> I just tested this issue with erlang 17. This issue is not fixed.
>
> =============
> [root@REDACTED otp_src_17.0]# erl
> Erlang/OTP 17 [erts-6.0] [source] [64-bit] [smp:4:4] [async-threads:10]
> [hipe] [kernel-poll:false]
>
> Eshell V6.0  (abort with ^G)
> 1> inets:start().
> ok
> 2> ssl:start().
> ok
> 3> httpc:request("https://somewhere.com").
>
> {error,{failed_connect,[{to_address,{"somewhere.com",443}},
>                         {inet,[inet],
>   {eoptions,{{function_clause,[{tls_connection,handle_alert,
>       [{alert,1,112,{"tls_connection.erl",375}},
>        hello,
>        {state,client,
>         {#Ref<0.0.0.63>,<0.57.0>},
>         gen_tcp,tls_connection,tcp,tcp_closed,tcp_error,...}],
>       [{file,"tls_connection.erl"},{line,836}]},
>      {tls_connection,handle_alerts,2,
>       [{file,"tls_connection.erl"},{line,834}]},
>      {gen_fsm,handle_msg,7,[{file,"gen_fsm.erl"},{line,503}]},
>      {proc_lib,init_p_do_apply,3,
>       [{file,"proc_lib.erl"},{line,239}]}]},
>    {gen_fsm,sync_send_all_state_event,
>     [<0.61.0>,{start,infinity},infinity]}}}}]}}
> =================
>
> The server sends alert warning 112 (unrecognized_name), but tls_connection.erl
> has no function to handle this alert. ssl_alert.hrl does mention this alert.
>
> I also found
> http://stackoverflow.com/questions/7615645/ssl-handshake-alert-unrecognized-name-error-since-upgrade-to-java-1-7-0.
> Java 1.7 is also behaving in kind of the same way. I have not tested it myself,
> though. As the first answer mentions, most choose to ignore server alert
> warning 112 (unrecognized_name). Erlang/OTP should also consider ignoring it.
> This thread mentions that we can disable SNI in Java 1.7. Do we have a similar
> option in Erlang/OTP? Is disabling SNI the right choice?
>
> Adding the following function in tls_connection.erl solves the problem:
> =========
> handle_alert(#alert{level = ?WARNING, description = ?UNRECOGNISED_NAME} = Alert,
>              StateName, #state{ssl_options = SslOpts} = State0) ->
>     log_alert(SslOpts#ssl_options.log_alert, StateName, Alert),
>     {Record, State} = next_record(State0),
>     next_state(StateName, StateName, Record, State).
> ===========
>
> This issue is supposed to be fixed in
> https://github.com/erlang/otp/commit/d18e7b25a17a0c62c0beddc81f23b1dea18b7ef4.
> But it seems like you forgot to commit the changes in file tls_connection.erl.
>
> Waiting for your kind reply to sort out this issue asap.
>
> Thanks & Regards,
> Atul Atri.
>
>
>
>
>
> On Fri, Apr 4, 2014 at 7:10 PM, Ingela Andin <ingela.andin@REDACTED> wrote:
>
>> Hi!
>>
>> This is fixed in the latest version 17.0 (coming soon) or check master
>> branch at github.
>>
>> Regards Ingela Erlang/OTP team - Ericsson AB
>>
>>
>> 2014-04-04 10:33 GMT+02:00 atul atri <atulatri2004@REDACTED>:
>>
>>>  Hi,
>>>
>>> I am using httpc to connect to a website that is using an invalid
>>> certificate. But it is crashing during the SSL handshake.
>>>
>>> ======
>>> 7> httpc:request(post, {"https://somewhere.com", [],
>>>      "application/x-www-form-urlencoded", ""}, [{ssl, [{verify, verify_none}]}],
>>>      []).
>>> {error,{failed_connect,[{to_address,{"somewhere.com",443}},
>>>                         {inet,[inet],
>>>   {eoptions,{{function_clause,[{tls_connection,handle_alert,
>>>       [{alert,1,112,{"tls_connection.erl",375}},
>>>        hello,
>>>        {state,client,
>>>         {#Ref<0.0.0.137>,<0.74.0>},
>>>         gen_tcp,tls_connection,tcp,tcp_closed,tcp_error,...}],
>>>       [{file,"tls_connection.erl"},{line,834}]},
>>>      {tls_connection,handle_alerts,2,
>>>       [{file,"tls_connection.erl"},{line,832}]},
>>>      {gen_fsm,handle_msg,7,[{file,"gen_fsm.erl"},{line,505}]},
>>>      {proc_lib,init_p_do_apply,3,
>>>       [{file,"proc_lib.erl"},{line,239}]}]},
>>>    {gen_fsm,sync_send_all_state_event,
>>>     [<0.75.0>,{start,infinity},infinity]}}}}]}}
>>> =======
>>>
>>> I am able to browse the website in Firefox.
>>>
>>> My Erlang version is
>>> ====
>>> [root@REDACTED ~]# erl
>>> Erlang R16B03-1 (erts-5.10.4) [source] [64-bit] [smp:2:2]
>>> [async-threads:10] [hipe] [kernel-poll:false]
>>>
>>> Eshell V5.10.4  (abort with ^G)
>>> ====
>>>
>>> I googled it and it looks like something related to
>>> http://permalink.gmane.org/gmane.comp.lang.erlang.bugs/4302.
>>>
>>> Any help to fix or work around this is much appreciated.
>>>
>>> Thanks & Regards,
>>> Atul Atri.
>>>
>>>
>>> _______________________________________________
>>> erlang-questions mailing list
>>> erlang-questions@REDACTED
>>> http://erlang.org/mailman/listinfo/erlang-questions
>>>
>>>
>>
>
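
The failure discussed in this thread, as an added example that is not part of the original messages and is not OTP's ssl code: a handler with no clause for warning-level alert 112 raises function_clause, while one with an explicit clause plus a catch-all for other warnings keeps the handshake state. The module alert_demo, its function names and the continue/stop return values are hypothetical, and ignoring unknown warnings is an assumed policy.

```erlang
%% Added example; alert_demo and its functions are hypothetical, not OTP code.
-module(alert_demo).
-export([decode/1, handle/2, run/0]).

-define(WARNING, 1).
-define(FATAL, 2).
-define(CLOSE_NOTIFY, 0).
-define(UNRECOGNISED_NAME, 112).   % unrecognized_name, the alert in the thread
-record(alert, {level, description}).

%% An alert fragment is a sequence of 2-byte {level, description} pairs.
decode(Bin) -> decode(Bin, []).

decode(<<L, D, Rest/binary>>, Acc) when L =:= ?WARNING; L =:= ?FATAL ->
    decode(Rest, [#alert{level = L, description = D} | Acc]);
decode(<<>>, Acc) -> {ok, lists:reverse(Acc)};
decode(_, _) -> {error, malformed_alert}.

%% Handler with clauses only for fatal alerts and close_notify. Any other
%% warning matches no clause, which is the crash shape seen in the trace.
strict_handle(#alert{level = ?FATAL, description = D}, StateName) ->
    {stop, {tls_alert, D, StateName}};
strict_handle(#alert{level = ?WARNING, description = ?CLOSE_NOTIFY}, _) ->
    {stop, normal}.

%% Tolerant handler: explicit clause for warning 112, then a catch-all for
%% every other non-closing warning; everything else goes to the strict path.
handle(#alert{level = ?WARNING, description = ?UNRECOGNISED_NAME}, StateName) ->
    {continue, StateName};
handle(#alert{level = ?WARNING, description = D}, StateName)
  when D =/= ?CLOSE_NOTIFY ->
    {continue, StateName};          % assumed policy: ignore unknown warnings
handle(Alert, StateName) ->
    strict_handle(Alert, StateName).

run() ->
    {ok, [Alert]} = decode(<<1, 112>>),   % constructed input: warning, 112
    {'EXIT', {function_clause, _}} = (catch strict_handle(Alert, hello)),
    {continue, hello} = handle(Alert, hello),
    {stop, {tls_alert, 112, hello}} =
        handle(#alert{level = ?FATAL, description = 112}, hello),
    {error, malformed_alert} = decode(<<1>>),
    ok.
```

Compile with `c(alert_demo).` in the Erlang shell and call `alert_demo:run().`; it returns `ok` when every match holds.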