[erlang-questions] Force TLS v1.2
WW
kingwang98@REDACTED
Fri Apr 26 15:34:34 CEST 2019
Dialyzer warning if not export my function convert_result_and_exit/1
%%% ###=====================================================================###-spec convert_result_and_exit(any()) -> no_return().%%% ###=====================================================================###convert_result_and_exit({error, ErrReason}) when is_binary(ErrReason)-> exit({error, ErrReason});convert_result_and_exit(no_permission)-> exit(no_permission);convert_result_and_exit(_E) -> exit({error, <<"Unknown reason">>}).
got a warning from dialyzer:
1569: The variable _E can never match since previous clauses completely covered the type 'no_permission' | {'error',binary()}
Anybody has an explanation why ?
Dialyzer bug ?
Best regards//KW
Best Regards W.W.(KingWang)
On Friday, April 26, 2019, 8:26:00 AM GMT+2, Frank Muller <frank.muller.erl@REDACTED> wrote:
Small typo in ssl_client/0:_______________________________
tcp_client() ->
{ok, TcpSock} = gen_tcp:connect("local_proxy_for_traffic_fitering", 12345, [ binary, {active, true}, {packet. 0} ]),
ok = gen_tcp:send(TcpSocket, <<"CONNECT…">>),
… got 200OK ...
TcpSocket.
ssl_client() ->
TcpSocket = tcp_client(),
Opts = [ {verify, verify_none}, {cacertfile, "cacert.pem"}, {versions, ['tlsv1.2']} ],
{ok, Sock} = ssl:connect(TcpSocket, Opts), Sock.
connect() ->
SslSocket = ssl_client(),
ok = ssl:send("...some data...">>, SslSocket),
…
ok.
_______________________________
Hi guys
I’m trying to connect to a remote SSL server using a filtering Proxy in between.
First, I try to establish a normal TCP connection to this local Proxy using the CONNECT word.
Second, I upgrade the TCP socket to SSL as in this snippet code:
_______________________________
tcp_client() ->
{ok, TcpSock} = gen_tcp:connect("local_proxy_for_traffic_filtering", 12345, [ binary, {active,true}, {packet,0} ]),
ok = gen_tcp:send(TcpSocket, <<"CONNECT…">>),
… got 200OK ...
TcpSocket.
ssl_client() ->
TcpSocket = tcp_client(),
Opts = [ {verify, verify_none}, {cacertfile, "cacert.pem"}, {versions, ['tlsv1.2']} ],
{ok, Sock} = ssl:connect(TcpSocket, Opts).
connect() ->
SslSocket = ssl_client(),
ok = ssl:send(SslSocket, <<"...some data...">>), …
ok.
_______________________________
When i call the ssl:send/2, the remote SSL server (I’ve no control on this server) immediately closes the connection with {error, closed}.
Furthermore, the SSL server claims I’m using SSL v1.3 (from the logs we've got).
Questions:
a. is it the right way to establish an SSL connection via a proxy?
b. how can I really ensure I’m using SSL v1.2 and not v1.3?
My config: Erlang 21.3.5, Ubuntu 18.04 LTS, Kernel 4.4.0-grs-64 on a very restricted environment: no sudo, no direct internet access
/Frank
_______________________________________________
erlang-questions mailing list
erlang-questions@REDACTED
http://erlang.org/mailman/listinfo/erlang-questions
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20190426/de3de089/attachment.htm>
More information about the erlang-questions
mailing list