[erlang-questions] ssl client issue

Bogdan Andu bog495@REDACTED
Fri Nov 28 10:29:05 CET 2014


but curiously enough, with self-signed-certificate servers is working
regardless protocol versions - just works.

Perhaps 'SNI-extension that must be empty' is not involved in this case?

Bogdan

On Thu, Nov 27, 2014 at 10:49 PM, Dave Cottlehuber <dch@REDACTED>
wrote:

> Looks like
> http://erlang.org/pipermail/erlang-questions/2014-September/081176.html
>
> On OSX I applied
> https://github.com/erlang/otp/commit/b196730a325cfe74312c3a5f4b1273ba7c705ed6.diff to
> fix this, and for FreeBSD I just switched to a newer
> https://github.com/erlang/otp/archive/OTP-17.3.4.tar.gz
>
> A+
> Dave
>
> -----Original Message-----
> From: Bogdan Andu <bog495@REDACTED>
> Reply: Bogdan Andu <bog495@REDACTED>>
> Date: 27. November 2014 at 13:57:10
> To: Erlang <erlang-questions@REDACTED>>
> Subject:  Re: [erlang-questions] ssl client issue
>
> > Hi,
> >
> > I didn't know that, I'll upgrade to the latest otp.
> >
> > Thank you,
> >
> > Bogdan
> >
> > On Thu, Nov 27, 2014 at 2:49 PM, Loïc Hoguin wrote:
> >
> > > If you are using 17.3 you need to update to 17.3.2 or above. 17.3
> shipped
> > > with a broken SSL client and the OTP team didn't deem worthwhile to
> issue
> > > an official patch.
> > >
> > > On 11/27/2014 02:38 PM, Bogdan Andu wrote:
> > >
> > >> Hi,
> > >>
> > >> I am trying to connet to a site using https protocol and I get error:
> > >> $ erl -noshell -s inets -s ssl -eval 'ok= httpc:request(get,
> > >> {"https://github.com/rebar/rebar/wiki/rebar", []}, [], [{stream,
> > >> "./rebar"}])' -s init stop
> > >>
> > >>
> > >> {"init terminating in
> > >> do_boot",{{badmatch,{error,{failed_connect,[{to_address,{"github.com
> > >> ",443}},{inet,[inet],{eoptions,{{{badmatch,<<0
> > >> bytes>>},[{ssl_handshake,dec_hello_extensions,2,[{file,"
> > >> ssl_handshake.erl"},{line,1737}]},{ssl_handshake,decode_
> > >> handshake,3,[{file,"ssl_handshake.erl"},{line,926}]},{
> > >> tls_handshake,get_tls_handshake_aux,3,[{file,"tls_
> > >> handshake.erl"},{line,155}]},{tls_connection,next_state,4,[{
> > >> file,"tls_connection.erl"},{line,433}]},{gen_fsm,handle_
> > >> msg,7,[{file,"gen_fsm.erl"},{line,503}]},{proc_lib,init_p_
> > >> do_apply,3,[{file,"proc_lib.erl"},{line,237}]}]},{gen_fsm,
> > >> sync_send_all_state_event,[<0.54.0>,{start,infinity},
> > >> infinity]}}}}]}}},[{erl_eval,expr,3,[]}]}}
> > >>
> > >> I fed the ssl versions options to ssl option in httpc:
> > >>
> > >> $ erl -noshell -s inets -s ssl -ssl protocol_versions '[tlsv1]' -eval
> > >> 'ok= httpc:request(get, {"https://github.com/rebar/rebar/wiki/rebar",
> > >> []}, [{ssl, [ {versions, [tlsv1]} ]}], [{stream, "./rebar"}])' -s init
> > >> stop
> > >>
> > >> and I get the same error.
> > >>
> > >> githum.com does not serves sslv3 connections
> > >> anymore, but google.com does and I get the same
> > >>
> > >> error (more detailed) :
> > >>
> > >> =ERROR REPORT==== 27-Nov-2014::14:36:42 ===
> > >> ** State machine <0.54.0> terminating
> > >> ** Last message in was {tcp,#Port<0.1310>,
> > >>
> > >> <<22,3,1,0,93,2,0,0,89,3,1,84,119,26,218,49,140,
> > >>
> > >> 143,214,55,227,58,228,149,69,14,208,108,222,237,
> > >>
> > >> 222,62,130,116,69,128,135,31,62,197,66,236,180,
> > >>
> > >> 32,177,252,205,17,16,73,136,136,192,180,178,231,
> > >>
> > >> 184,31,16,165,117,167,10,94,112,148,137,123,19,
> > >>
> > >> 218,177,209,242,30,105,160,192,7,0,0,17,0,0,0,0,
> > >>
> > >> 255,1,0,1,0,0,11,0,4,3,0,1,2,22,3,1,14,78,11,0,
> > >>
> > >> 14,74,0,14,71,0,6,201,48,130,6,197,48,130,5,173,
> > >>
> > >> 160,3,2,1,2,2,8,37,174,101,117,232,1,104,64,48,
> > >>
> > >> 13,6,9,42,134,72,134,247,13,1,1,5,5,0,48,73,49,
> > >>
> > >> 11,48,9,6,3,85,4,6,19,2,85,83,49,19,48,17,6,3,
> > >>
> > >> 85,4,10,19,10,71,111,111,103,108,101,32,73,110,
> > >>
> > >> 99,49,37,48,35,6,3,85,4,3,19,28,71,111,111,103,
> > >>
> > >> 108,101,32,73,110,116,101,114,110,101,116,32,65,
> > >>
> > >> 117,116,104,111,114,105,116,121,32,71,50,48,30,
> > >>
> > >> 23,13,49,52,49,49,50,48,48,57,50,57,49,52,90,23,
> > >> 13,49,53,48,50,49,56,48,48,48,
> > >> 48,48,48,90,48,
> > >>
> > >> 102,49,11,48,9,6,3,85,4,6,19,2,85,83,49,19,48,
> > >>
> > >> 17,6,3,85,4,8,12,10,67,97,108,105,102,111,114,
> > >>
> > >> 110,105,97,49,22,48,20,6,3,85,4,7,12,13,77,111,
> > >>
> > >> 117,110,116,97,105,110,32,86,105,101,119,49,19,
> > >>
> > >> 48,17,6,3,85,4,10,12,10,71,111,111,103,108,101,
> > >>
> > >> 32,73,110,99,49,21,48,19,6,3,85,4,3,12,12,42,46,
> > >>
> > >> 103,111,111,103,108,101,46,99,111,109,48,89,48,
> > >>
> > >> 19,6,7,42,134,72,206,61,2,1,6,8,42,134,72,206,
> > >>
> > >> 61,3,1,7,3,66,0,4,239,17,2,30,58,209,122,37,213,
> > >>
> > >> 224,230,99,232,174,177,189,137,205,210,61,217,
> > >>
> > >> 56,170,25,54,178,25,237,226,204,35,216,210,186,
> > >> 50,69,44,117,245,182,108,110,
> > >> 144,22,136,1,44,
> > >>
> > >> 223,216,101,244,211,3,91,5,143,64,182,1,108,149,
> > >>
> > >> 202,14,212,163,130,4,93,48,130,4,89,48,29,6,3,
> > >>
> > >> 85,29,37,4,22,48,20,6,8,43,6,1,5,5,7,3,1,6,8,43,
> > >>
> > >> 6,1,5,5,7,3,2,48,130,3,38,6,3,85,29,17,4,130,3,
> > >>
> > >> 29,48,130,3,25,130,12,42,46,103,111,111,103,108,
> > >>
> > >> 101,46,99,111,109,130,13,42,46,97,110,100,114,
> > >>
> > >> 111,105,100,46,99,111,109,130,22,42,46,97,112,
> > >>
> > >> 112,101,110,103,105,110,101,46,103,111,111,103,
> > >>
> > >> 108,101,46,99,111,109,130,18,42,46,99,108,111,
> > >> 117,100,46,103,111,111,103,
> > >> 108,101,46,99,111,
> > >>
> > >> 109,130,22,42,46,103,111,111,103,108,101,45,97,
> > >>
> > >> 110,97,108,121,116,105,99,115,46,99,111,109,130,
> > >>
> > >> 11,42,46,103,111,111,103,108,101,46,99,97,130,
> > >>
> > >> 11,42,46,103,111,111,103,108,101,46,99,108,130,
> > >>
> > >> 14,42,46,103,111,111,103,108,101,46,99,111,46,
> > >>
> > >> 105,110,130,14,42,46,103,111,111,103,108,101,46,
> > >>
> > >> 99,111,46,106,112,130,14,42,46,103,111,111,103,
> > >>
> > >> 108,101,46,99,111,46,117,107,130,15,42,46,103,
> > >>
> > >> 111,111,103,108,101,46,99,111,109,46,97,114,130,
> > >>
> > >> 15,42,46,103,111,111,103,108,101,46,99,111,109,
> > >>
> > >> 46,97,117,130,15,42,46,103,111,111,103,108,101,
> > >> 46,99,111,109,46,98,114,130,
> > >> 15,42,46,103,111,
> > >>
> > >> 111,103,108,101,46,99,111,109,46,99,111,130,15,
> > >>
> > >> 42,46,103,111,111,103,108,101,46,99,111,109,46,
> > >>
> > >> 109,120,130,15,42,46,103,111,111,103,108,101,46,
> > >>
> > >> 99,111,109,46,116,114,130,15,42,46,103,111,111,
> > >>
> > >> 103,108,101,46,99,111,109,46,118,110,130,11,42,
> > >>
> > >> 46,103,111,111,103,108,101,46,100,101,130,11,42,
> > >>
> > >> 46,103,111,111,103,108,101,46,101,115,130,11,42,
> > >>
> > >> 46,103,111,111,103,108,101,46,102,114,130,11,42,
> > >>
> > >> 46,103,111,111,103,108,101,46,104,117,130,11,42,
> > >>
> > >> 46,103,111,111,103,108,101,46,105,116,130,11,42,
> > >>
> > >> 46,103,111,111,103,108,101,46,110,108,130,11,42,
> > >>
> > >> 46,103,111,111,103,108,101,46,112,108,130,11,42,
> > >>
> > >> 46,103,111,111,103,108,101,46,112,116,130,18,42,
> > >> 46,103,111,111,103,108,101,97,
> > >> 100,97,112,105,
> > >>
> > >> 115,46,99,111,109,130,15,42,46,103,111,111,103,
> > >>
> > >> 108,101,97,112,105,115,46,99,110,130,20,42,46,
> > >>
> > >> 103,111,111,103,108,101,99,111,109,109,101,114,
> > >>
> > >> 99,101,46,99,111,109,130,17,42,46,103,111,111,
> > >>
> > >> 103,108,101,118,105,100,101,111,46,99,111,109,
> > >> 130,12,42,46,103,115,116,97,
> > >> 116,105,99,46,99,
> > >>
> > >> 110,130,13,42,46,103,115,116,97,116,105,99,46,
> > >> 99,111,109,130,10,42,46,103,
> > >> 118,116,49,46,99,
> > >>
> > >> 111,109,130,10,42,46,103,118,116,50,46,99,111,
> > >>
> > >> 109,130,20,42,46,109,101,116,114,105,99,46,103,
> > >>
> > >> 115,116,97,116,105,99,46,99,111,109,130,12,42,
> > >>
> > >> 46,117,114,99,104,105,110,46,99,111,109,130,16,
> > >>
> > >> 42,46,117,114,108,46,103,111,111,103,108,101,46,
> > >>
> > >> 99,111,109,130,22,42,46,121,111,117,116,117,98,
> > >>
> > >> 101,45,110,111,99,111,111,107,105,101,46,99,111,
> > >>
> > >> 109,130,13,42,46,121,111,117,116,117,98,101,46,
> > >>
> > >> 99,111,109,130,22,42,46,121,111,117,116,117,98,
> > >>
> > >> 101,101,100,117,99,97,116,105,111,110,46,99,111,
> > >>
> > >> 109,130,11,42,46,121,116,105,109,103,46,99,111,
> > >>
> > >> 109,130,11,97,110,100,114,111,105,100,46,99,111,
> > >> 109,130,4,103,46,99,111,130,6,
> > >> 103,111,111,46,
> > >> 103,108,130,20,103,111,111,
> > >> 103,108,101,45,97,
> > >>
> > >> 110,97,108,121,116,105,99,115,46,99,111,109,130,
> > >>
> > >> 10,103,111,111,103,108,101,46,99,111,109,130,18,
> > >>
> > >> 103,111,111,103,108,101,99,111,109,109,101,114,
> > >>
> > >> 99,101,46,99,111,109,130,10,117,114,99,104,105,
> > >>
> > >> 110,46,99,111,109,130,8,121,111,117,116,117,46,
> > >>
> > >> 98,101,130,11,121,111,117,116,117,98,101,46,99,
> > >>
> > >> 111,109,130,20,121,111,117,116,117,98,101,101,
> > >>
> > >> 100,117,99,97,116,105,111,110,46,99,111,109,48,
> > >>
> > >> 11,6,3,85,29,15,4,4,3,2,7,128,48,104,6,8,43,6,1,
> > >>
> > >> 5,5,7,1,1,4,92,48,90,48,43,6,8,43,6,1,5,5,7,48,
> > >>
> > >> 2,134,31,104,116,116,112,58,47,47,112,107,105,
> > >>
> > >> 46,103,111,111,103,108,101,46,99,111,109,47,71,
> > >>
> > >> 73,65,71,50,46,99,114,116,48,43,6,8,43,6,1,5,5,
> > >>
> > >> 7,48,1,134,31,104,116,116,112,58,47,47,99,108,
> > >>
> > >> 105,101,110,116,115,49,46,103,111,111,103,108,
> > >>
> > >> 101,46,99,111,109,47,111,99,115,112,48,29,6,3,
> > >>
> > >> 85,29,14,4,22,4,20,94,50,174,238,148,244,84,157,
> > >>
> > >> 175,208,233,225,119,147,54,144,110,147,101,106,
> > >> 48,12,6,3,85,29,19,1>>}
> > >> ** When State == hello
> > >> ** Data == [{data,
> > >> [{"StateData",
> > >> {state,client,
> > >> {#Ref<0.0.0.55>,<0.50.0>},
> > >>
> > >> gen_tcp,tls_connection,tcp,tcp_closed,tcp_error,
> > >> "google.com
> > >> ",443,#Port<0.1310>,
> > >>
> > >> {ssl_options,tls,
> > >> [{3,1}],
> > >> verify_none,
> > >> {#Fun,[]},
> > >>
> > >> #Fun,false,false,undefined,1,
> > >>
> > >> <<>>,"***",<<>>,"***","***","***",<<>>,"***",
> > >> undefined,undefined,"***","***",
> > >> [<<"�\n">>,
> > >> <<192,20>>,
> > >> <<0,57>>,
> > >> <<0,56>>,
> > >> <<192,5>>,
> > >> <<192,15>>,
> > >> <<0,53>>,
> > >> <<"�\b">>,
> > >> <<192,18>>,
> > >> <<0,22>>,
> > >> <<0,19>>,
> > >> <<192,3>>,
> > >> <<"�\r">>,
> > >> <<0,10>>,
> > >> <<"�\t">>,
> > >> <<192,19>>,
> > >> <<0,51>>,
> > >> <<0,50>>,
> > >> <<192,4>>,
> > >> <<192,14>>,
> > >> <<0,47>>,
> > >> <<192,7>>,
> > >> <<192,17>>,
> > >> <<0,5>>,
> > >> <<0,4>>,
> > >> <<0,21>>,
> > >> <<192,2>>,
> > >> <<"�\f">>,
> > >> <<0,9>>],
> > >> #Fun,true,
> > >> 268435456,false,
> > >> undefined,false,undefined,
> > >> undefined,true,
> > >> undefined,false},
> > >> {socket_options,binary,0,0,0,false},
> > >> "***","***","***",12306,"***",24597,
> > >> ssl_session_cache,
> > >> {3,1},
> > >> false,undefined,
> > >> {undefined,undefined},
> > >>
> > >> undefined,undefined,"***","***","***",undefined,
> > >>
> > >> "***","***","***",16403,#Ref<0.0.0.57>,undefined,
> > >> "***",
> > >> {false,first},
> > >> {<0.50.0>,#Ref<0.0.0.54>},
> > >> undefined,
> > >> {[],[]},
> > >> false,true,false,false,undefined,undefined,
> > >> undefined}}]}]
> > >> ** Reason for termination =
> > >> ** {{badmatch,<<>>},
> > >> [{ssl_handshake,dec_hello_extensions,2,
> > >> [{file,"ssl_handshake.erl"},{line,1737}]},
> > >> {ssl_handshake,decode_handshake,3,
> > >> [{file,"ssl_handshake.erl"},{line,926}]},
> > >> {tls_handshake,get_tls_handshake_aux,3,
> > >> [{file,"tls_handshake.erl"},{line,155}]},
> > >>
> > >>
> {tls_connection,next_state,4,[{file,"tls_connection.erl"},{line,433}]},
> > >> {gen_fsm,handle_msg,7,[{file,"gen_fsm.erl"},{line,503}]},
> > >> {proc_lib,init_p_do_apply,3,[{file,"proc_lib.erl"},{line,237}]}]}
> > >>
> > >>
> > >> why I cannot connect to a https site?
> > >>
> > >> Bogdan
> > >>
> > >>
> > >>
> > >> _______________________________________________
> > >> erlang-questions mailing list
> > >> erlang-questions@REDACTED
> > >> http://erlang.org/mailman/listinfo/erlang-questions
> > >>
> > >>
> > > --
> > > Loïc Hoguin
> > > http://ninenines.eu
> > >
> > _______________________________________________
> > erlang-questions mailing list
> > erlang-questions@REDACTED
> > http://erlang.org/mailman/listinfo/erlang-questions
> >
>
>> Dave Cottlehuber
> dch@REDACTED
> +43 688 60 56 21 44
> Sent from the Cloud
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20141128/cfddb210/attachment.htm>


More information about the erlang-questions mailing list