[erlang-questions] Making SSL fail silently

Danil Zagoskin z@REDACTED
Thu Mar 6 11:50:05 CET 2014


Hello!

My application is listening on an SSL port using ssl:listen, ssl:transport_accept
and ssl:ssl_accept (indeed it uses some old patched mochiweb).
Erlang/OTP release is R16B02.
I use SASL for error logging.

Due to the existence of network scanners, network errors and buggy clients, some
connections fail to negotiate. This leads to two kinds of log entries:
  1. "insufficient security", etc.
  2. Crash reports due to a function_clause error in tls_v1:enum_to_oid(0)
     (this may not be the only one, but definitely the most popular)

The first one seems to be fixed by the {log_alert, false} ssl option.
The second one keeps flooding logs with huge state printouts.

So, my question is: how can I make all SSL-related troubles not generate
error reports? A simple {error, handshake_failed} returned by one of the
accepting functions would be enough.

Maybe this is useful:
=ERROR REPORT==== 6-Mar-2014::05:35:19 ===
** State machine <0.19029.3> terminating
** Last message in was {tcp,#Port<0.68651>,
                            <<22,3,1,0,209,1,0,0,205,3,1,83,23,208,215,254,
                              236,125,231,33,138,62,193,101,12,193,176,102,
                              114,62,166,230,143,36,171,53,199,66,68,65,164,
                              166,184,0,0,100,0,51,0,50,0,57,0,56,0,22,0,19,
                              192,19,192,9,192,20,192,10,192,18,192,8,0,47,0,
                              53,0,10,0,21,0,18,0,61,0,60,0,103,0,64,0,107,0,
                              106,192,17,192,7,0,150,0,154,0,153,0,65,0,132,0,
                              69,0,68,0,136,0,135,0,186,0,190,0,189,0,192,0,
                              196,0,195,192,60,192,68,192,66,192,61,192,69,
                              192,67,0,9,0,5,0,4,0,255,1,0,0,64,0,10,0,54,0,
                              52,0,0,0,1,0,2,0,3,0,4,0,5,0,6,0,7,0,8,0,9,0,10,
                              0,11,0,12,0,13,0,14,0,15,0,16,0,17,0,18,0,19,0,
                              20,0,21,0,22,0,23,0,24,0,25,0,11,0,2,1,0>>}
** When State == hello
**      Data  == {state,server, LOTS_OF_STUFF_SKIPPED}
** Reason for termination =
** {function_clause,[{tls_v1,enum_to_oid,[0],[{file,"tls_v1.erl"},{line,404}]},
                     {ssl_handshake,'-dec_hello_extensions/2-blc$^1/1-0-',1,
                                    [{file,"ssl_handshake.erl"},{line,1467}]},
                     {ssl_handshake,dec_hello_extensions,2,
                                    [{file,"ssl_handshake.erl"},{line,1467}]},
                     {tls_handshake,decode_handshake,3,
                                    [{file,"tls_handshake.erl"},{line,237}]},
                     {tls_handshake,get_tls_handshake_aux,3,
                                    [{file,"tls_handshake.erl"},{line,204}]},
                     {tls_connection,next_state,4,
                                     [{file,"tls_connection.erl"},
                                      {line,2546}]},
                     {gen_fsm,handle_msg,7,[{file,"gen_fsm.erl"},{line,505}]},
                     {proc_lib,init_p_do_apply,3,
                               [{file,"proc_lib.erl"},{line,239}]}]}

-- 
Danil Zagoskin | z@REDACTED
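
Added example, not part of the original post: decoding the logged "Last message in" bytes as a TLS ClientHello shows which client-supplied value ends up as the argument of tls_v1:enum_to_oid/1. The function names are hypothetical, and the set of assigned curve ids (1..25, 0xFF01, 0xFF02) is taken from RFC 4492, not from the page.

```python
import struct

# "Last message in" from the crash report above, copied byte for byte.
RECORD = bytes([
    22,3,1,0,209,1,0,0,205,3,1,83,23,208,215,254,
    236,125,231,33,138,62,193,101,12,193,176,102,
    114,62,166,230,143,36,171,53,199,66,68,65,164,
    166,184,0,0,100,0,51,0,50,0,57,0,56,0,22,0,19,
    192,19,192,9,192,20,192,10,192,18,192,8,0,47,0,
    53,0,10,0,21,0,18,0,61,0,60,0,103,0,64,0,107,0,
    106,192,17,192,7,0,150,0,154,0,153,0,65,0,132,0,
    69,0,68,0,136,0,135,0,186,0,190,0,189,0,192,0,
    196,0,195,192,60,192,68,192,66,192,61,192,69,
    192,67,0,9,0,5,0,4,0,255,1,0,0,64,0,10,0,54,0,
    52,0,0,0,1,0,2,0,3,0,4,0,5,0,6,0,7,0,8,0,9,0,10,
    0,11,0,12,0,13,0,14,0,15,0,16,0,17,0,18,0,19,0,
    20,0,21,0,22,0,23,0,24,0,25,0,11,0,2,1,0,
])

def hello_extensions(record):
    """Map extension type -> body for one TLS record holding a ClientHello."""
    ctype, _version, rec_len = struct.unpack_from("!BHH", record)
    hs = record[5:]
    if ctype != 22 or rec_len != len(hs) or hs[:1] != b"\x01":
        raise ValueError("expected one complete ClientHello record")
    pos = 4 + 2 + 32                                   # hs header, version, random
    pos += 1 + hs[pos]                                 # session_id
    pos += 2 + int.from_bytes(hs[pos:pos + 2], "big")  # cipher_suites
    pos += 1 + hs[pos]                                 # compression_methods
    if pos == len(hs):
        return {}                                      # hello without extensions
    end = pos + 2 + int.from_bytes(hs[pos:pos + 2], "big")
    if end != len(hs):
        raise ValueError("extension block length mismatch")
    pos, exts = pos + 2, {}
    while pos < end:
        etype, elen = struct.unpack_from("!HH", hs, pos)
        exts[etype] = hs[pos + 4:pos + 4 + elen]
        pos += 4 + elen
    return exts

def named_curves(exts):
    """Decode the elliptic_curves extension (type 10, RFC 4492) into curve ids."""
    body = exts.get(10, b"\x00\x00")
    count = int.from_bytes(body[:2], "big") // 2
    return [int.from_bytes(body[i:i + 2], "big") for i in range(2, 2 + 2 * count, 2)]

def unassigned(curves):
    """Curve ids outside the RFC 4492 assignments (1..25, 0xFF01, 0xFF02)."""
    return [c for c in curves if c not in {*range(1, 26), 0xFF01, 0xFF02}]
```

On the logged record, named_curves returns the ids 0 through 25 and unassigned returns [0], the same argument that appears in the function_clause trace.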