[erlang-questions] SSL crashes while decoding alert.

atul atri <>
Fri Apr 11 19:46:45 CEST 2014


Hi,

My bad. I wanted to hide the website URL, so I replaced it with somewhere.com. I
will mail you the website URL separately.

Thanks & Regards,
Atul Atri.


On Fri, Apr 11, 2014 at 8:48 PM, Ingela Andin <>wrote:

>
> Hi!
>
> This is what happens when I do what you say you do.
>
> Erlang/OTP 17 [erts-6.0] [source-fa45816] [64-bit] [smp:8:8]
> [async-threads:10] [hipe] [kernel-poll:false]
>
>
> Eshell V6.0  (abort with ^G)
> 1>  inets:start().
> ok
> 2>  ssl:start().
> ok
> 3> httpc:request("https://somewhere.com").
> {ok,{{"HTTP/1.1",200,"OK"},
>      [{"cache-control","max-age=0, private, must-revalidate"},
>       {"connection","keep-alive"},
>       {"date","Fri, 11 Apr 2014 15:03:08 GMT"},
>       {"etag","\"abf551bf9c340cc2649822f9e27e82ff\""},
>       {"vary","Accept-Encoding"},
>       {"content-length","41024"},
>       {"content-type","text/html; charset=utf-8"},
>       {"last-modified","Thu, 30 Jan 2014 17:12:43 GMT"},
>       {"access-control-allow-methods","POST, GET, OPTIONS"},
>       {"access-control-allow-origin","*"},
>       {"access-control-max-age","1728000"},
>       {"set-cookie",
>        "_session_id=613ae6fdb421a8eb1cbc1d43509c4d53; path=/; expires=Fri,
> 18-Apr-2014 15:03:08 GMT; HttpOnly"},
>       {"status","200 OK"},
>       {"x-rack-cache","miss"},
>       {"x-request-id","9b2a35c1-f4c8-47fa-bcdc-e7f80090fe72"},
>       {"x-runtime","1.182360"},
>       {"x-ua-compatible","IE=Edge,chrome=1"}],
>      [60,33,68,79,67,84,89,80,69,32,104,116,109,108,62,60,104,
>       116,109,108,62,60,104,101|...]}}
>
> Regards Ingela Erlang/OTP team - Ericsson AB
>
>
> 2014-04-11 16:53 GMT+02:00 atul atri <>:
>
> Hi Ingela,
>>
>> I just tested this issue with Erlang 17. This issue is not fixed.
>>
>> =============
>> [ otp_src_17.0]# erl
>> Erlang/OTP 17 [erts-6.0] [source] [64-bit] [smp:4:4] [async-threads:10]
>> [hipe] [kernel-poll:false]
>>
>> Eshell V6.0  (abort with ^G)
>> 1> inets:start().
>> ok
>> 2> ssl:start().
>> ok
>> 3> httpc:request("https://somewhere.com").
>> {error,{failed_connect,[{to_address,{"somewhere.com",
>>                                      443}},
>>                         {inet,[inet],
>>   {eoptions,{{function_clause,[{tls_connection,handle_alert,
>>       [{alert,1,112,{"tls_connection.erl",375}},
>>        hello,
>>        {state,client,
>>         {#Ref<0.0.0.63>,<0.57.0>},
>>         gen_tcp,tls_connection,tcp,tcp_closed,tcp_error,...}],
>>       [{file,"tls_connection.erl"},{line,836}]},
>>      {tls_connection,handle_alerts,2,
>>       [{file,"tls_connection.erl"},{line,834}]},
>>      {gen_fsm,handle_msg,7,[{file,"gen_fsm.erl"},{line,503}]},
>>      {proc_lib,init_p_do_apply,3,
>>       [{file,"proc_lib.erl"},{line,239}]}]},
>>    {gen_fsm,sync_send_all_state_event,
>>     [<0.61.0>,{start,infinity},infinity]}}}}]}}
>> =================
>>
>> Server sends alert warning 112 (unrecognized_name), but
>> tls_connection.erl has no function to handle this alert. ssl_alert.hrl does
>> mention this alert.
>>
>> I also found
>> http://stackoverflow.com/questions/7615645/ssl-handshake-alert-unrecognized-name-error-since-upgrade-to-java-1-7-0.
>> Java 1.7 is also behaving kind of the same. I have not tested it myself, though. As
>> the first answer mentions, most choose to ignore server alert warning 112
>> (unrecognized_name). Erlang/OTP should also consider ignoring it. This
>> thread mentions that we can disable SNI in Java 1.7. Do we have a similar
>> option in Erlang/OTP? Is disabling SNI the right choice?
>>
>> Adding following function in tls_connection.erl solves the problem:
>> =========
>> handle_alert(#alert{level = ?WARNING, description = ?UNRECOGNISED_NAME} = Alert,
>>              StateName, #state{ssl_options = SslOpts} = State0) ->
>>     log_alert(SslOpts#ssl_options.log_alert, StateName, Alert),
>>     {Record, State} = next_record(State0),
>>     next_state(StateName, StateName, Record, State).
>> ===========
>>
>> This issue is supposed to be fixed in
>> https://github.com/erlang/otp/commit/d18e7b25a17a0c62c0beddc81f23b1dea18b7ef4.
>> But it seems like you forgot to commit the changes in file tls_connection.erl.
>>
>> Waiting for your kind reply to sort out this issue asap.
>>
>> Thanks & Regards,
>> Atul Atri.
>>
>>
>>
>>
>>
>> On Fri, Apr 4, 2014 at 7:10 PM, Ingela Andin <>wrote:
>>
>>> Hi!
>>>
>>> This is fixed in the latest version 17.0 (coming soon) or check master
>>> branch at github.
>>>
>>> Regards Ingela Erlang/OTP team - Ericsson AB
>>>
>>>
>>> 2014-04-04 10:33 GMT+02:00 atul atri <>:
>>>
>>>>  Hi,
>>>>
>>>> I am using httpc to connect to a website that is using an invalid
>>>> certificate. But it is crashing during the SSL handshake.
>>>>
>>>> ======
>>>> 7> httpc:request(post, {"https://somewhere.com", [],
>>>> "application/x-www-form-urlencoded", ""}, [{ssl, [{verify, verify_none}]}],
>>>> []).
>>>> {error,{failed_connect,[{to_address,{"somewhere.com",
>>>>                                      443}},
>>>>                         {inet,[inet],
>>>>   {eoptions,{{function_clause,[{tls_connection,handle_alert,
>>>>       [{alert,1,112,{"tls_connection.erl",375}},
>>>>        hello,
>>>>        {state,client,
>>>>         {#Ref<0.0.0.137>,<0.74.0>},
>>>>         gen_tcp,tls_connection,tcp,tcp_closed,tcp_error,...}],
>>>>       [{file,"tls_connection.erl"},{line,834}]},
>>>>      {tls_connection,handle_alerts,2,
>>>>       [{file,"tls_connection.erl"},{line,832}]},
>>>>      {gen_fsm,handle_msg,7,[{file,"gen_fsm.erl"},{line,505}]},
>>>>      {proc_lib,init_p_do_apply,3,
>>>>       [{file,"proc_lib.erl"},{line,239}]}]},
>>>>    {gen_fsm,sync_send_all_state_event,
>>>>     [<0.75.0>,{start,infinity},infinity]}}}}]}}
>>>> =======
>>>>
>>>> I am able to browse the website in Firefox.
>>>>
>>>> My Erlang version is
>>>> ====
>>>> [ ~]# erl
>>>> Erlang R16B03-1 (erts-5.10.4) [source] [64-bit] [smp:2:2]
>>>> [async-threads:10] [hipe] [kernel-poll:false]
>>>>
>>>> Eshell V5.10.4  (abort with ^G)
>>>> ====
>>>>
>>>> I googled it and it looks like something related to
>>>> http://permalink.gmane.org/gmane.comp.lang.erlang.bugs/4302.
>>>>
>>>> Any help to fix or work around this is much appreciated.
>>>>
>>>> Thanks & Regards,
>>>> Atul Atri.
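
The failure discussed in this thread, as an added Erlang example that is not part of the thread or of OTP's ssl application: a handler with clauses only for anticipated alerts raises `function_clause` on warning 112, while a catch-all clause for warnings lets the handshake continue. The module, function names and return tuples are hypothetical, and the two-byte alert bodies are constructed.

```erlang
%% Added illustration; not code from OTP's ssl application.
%% Module, function and return-value names are hypothetical.
-module(alert_demo).
-export([decode/1, strict/1, tolerant/1, run/0]).

-define(WARNING, 1).
-define(FATAL, 2).
-define(CLOSE_NOTIFY, 0).
-define(HANDSHAKE_FAILURE, 40).
-define(NO_RENEGOTIATION, 100).
-define(UNRECOGNISED_NAME, 112).

-record(alert, {level, description}).

%% A TLS alert body is two bytes: level, then description.
decode(<<Level:8, Desc:8>>) ->
    #alert{level = Level, description = Desc};
decode(_) ->
    {error, malformed_alert}.

%% Handler with clauses only for the alerts its author anticipated.
%% Any other warning matches no clause and raises function_clause,
%% the error class reported in the traces in this thread.
strict(#alert{level = ?FATAL, description = D}) -> {stop, {fatal, D}};
strict(#alert{level = ?WARNING, description = ?CLOSE_NOTIFY}) -> {stop, closed};
strict(#alert{level = ?WARNING, description = ?NO_RENEGOTIATION}) ->
    {continue, no_renegotiation}.

%% Same clauses plus a catch-all for the remaining warnings: record the
%% alert and continue. An unknown level is treated as fatal.
tolerant(#alert{level = ?FATAL, description = D}) -> {stop, {fatal, D}};
tolerant(#alert{level = ?WARNING, description = ?CLOSE_NOTIFY}) -> {stop, closed};
tolerant(#alert{level = ?WARNING, description = D}) ->
    {continue, {ignored_warning, D}};
tolerant(#alert{level = L}) -> {stop, {bad_level, L}}.

%% Runs both handlers over constructed alerts: warning/unrecognized_name
%% and fatal/handshake_failure.
run() ->
    Warning = decode(<<?WARNING, ?UNRECOGNISED_NAME>>),
    Fatal = decode(<<?FATAL, ?HANDSHAKE_FAILURE>>),
    Strict = try strict(Warning) catch error:function_clause -> crashed end,
    {Strict, tolerant(Warning), tolerant(Fatal)}.
```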