[erlang-questions] Making SSL fail silently

Ingela Andin ingela.andin@REDACTED
Sat Mar 8 22:49:24 CET 2014


Hi!

2014-03-07 11:14 GMT+01:00 Danil Zagoskin <z@REDACTED>:

> Thank you!
>
> May I help you? Test case, pull request, etc?
>
>
You are always welcome to make a pull request which, if you follow the
guide lines, should include a test case.


Regards Ingela Erlang/OTP team - Ericsson AB



>
> 2014-03-07 1:39 GMT+04:00 Ingela Andin <ingela.andin@REDACTED>:
>
>> Hi!
>>
>> 2014-03-06 11:50 GMT+01:00 Danil Zagoskin <z@REDACTED>:
>>
>> Hello!
>>>
>>> My application is listening SSL port
>>> using ssl:listen, ssl:transport_accept and ssl:ssl_accept (indeed it uses
>>> some old patched mochiweb).
>>> Erlang/OTP release is R16B02.
>>> I use SASL for error logging.
>>>
>>> Due to existence of network scanners, network errors and buggy clients
>>> some of connections fail to negotiate. This leads to two kind of log
>>> entries:
>>>   1. "insufficient security", etc.
>>>   2. Crash reports due to a function_clause error
>>> in tls_v1:enum_to_oid(0) (this may be not the only one, but definitely the
>>> most popular)
>>>
>>> First one seems to be fixed by {log_alert, false} ssl option.
>>> Second one keeps flooding logs with huge state printouts.
>>>
>>> So, my question is: How to make all SSL-related troubles not to generate
>>> error reports? Simple {error, handshake_failed} returned by one of
>>> accepting functions would be enough.
>>>
>>>
>>>
>>
>>
>> The first option should logically be enough. I think the problem is that
>> tls_v1:enum_to_oid
>>  should have a try and throw a handshake alert if it fails or be
>> ignored, depending on situation, i.e. be an expected error instead of an
>> unexpected error.  I will create an issue to handle that.
>>
>> Regards Ingela  Erlang/OTP team - Ericsson AB
>>
>> _______________________________________________
>> erlang-questions mailing list
>> erlang-questions@REDACTED
>> http://erlang.org/mailman/listinfo/erlang-questions
>>
>>
>
>
> --
> ---------------------------------------------
> Данил Загоскин | +7 906 064 20 47 | z@REDACTED
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20140308/aa25f77f/attachment.htm>


More information about the erlang-questions mailing list