SSL crash when pointed at a non SSL echo server

Ed W lists@REDACTED
Mon Nov 8 21:18:43 CET 2021


Hi, in order to develop some simple apps I created a simple echo server that runs on two ports, one
for SSL and the other for plain TCP. By accident I pointed the SSL application at the plain TCP port
and got the following crash (please forgive the Elixir syntax):

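Obviously one shouldn't do this... However, what the remote end sends back is outside the client's
control, so perhaps someone would like to see whether we can catch it and return a nicer error,
rather than having the process that called :ssl.connect/4 exit?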

(tested: Erlang 24.1.3)

Thanks

Ed W


iex(5)> :ssl.connect('34.221.16.130', 1235, [:binary, :inet, active: :once, nodelay: true, packet:
:raw], 5000)
[warn] Description: 'Authenticity is not established by certificate path validation'
     Reason: 'Option {verify, verify_peer} and cacertfile/cacerts is missing'

[error] GenStateMachine #PID<0.844.0> terminating
** (MatchError) no match of right hand side value: {:state, {:static_env, :client, :gen_tcp,
:tls_gen_connection, :tcp, :tcp_closed, :tcp_error, :tcp_passive, '34.221.16.130', 1235,
#Port<0.63>, #Reference<0.1889060192.1381892099.20362>, #Reference<0.1889060192.1381892099.20361>,
:ssl_client_session_cache_db, {:ssl_crl_cache, {{#Reference<0.1889060192.1381892099.20365>,
#Reference<0.1889060192.1381892099.20366>}, []}}, {#Reference<0.1889060192.1381892099.20363>,
#Reference<0.1889060192.1381892099.20364>}, #Reference<0.1889060192.1381761025.28420>, :undefined},
{:connection_env, {#Reference<0.1889060192.1381761025.28417>, #PID<0.793.0>}, :undefined, false,
false, {3, 3}, :undefined, :undefined}, %{fallback: false, supported_groups: {:supported_groups,
[:x25519, :x448, :secp256r1, :secp384r1]}, sni_fun: :undefined, versions: [{3, 4}, {3, 3}],
honor_ecc_order: :undefined, partial_chain: #Function<11.91340613/1 in :ssl.handle_options/5>,
reuse_session: :undefined, customize_hostname_check: [], alpn_advertised_protocols: :undefined,
max_fragment_length: :undefined, ciphers: [<<19, 2>>, <<19, 1>>, <<19, 3>>, <<19, 4>>, <<19, 5>>,
<<192, 44>>, <<192, 48>>, <<192, 173>>, <<192, 175>>, <<192, 36>>, <<192, 40>>, "̩", "̨", <<192,
43>>, <<192, 47>>, <<192, 172>>, <<192, 174>>, <<192, 46>>, <<192, 50>>, <<192, 38>>, <<192, 42>>,
<<192, 45>>, <<192, 49>>, <<192, 35>>, <<192, 39>>, <<192, 37>>, <<192, 41>>, <<0, 159>>, <<0,
163>>, <<0, 107>>, <<0, 106>>, <<0, 158>>, <<0, 162>>, "̪", <<...>>, ...], cacerts: :undefined,
ocsp_responder_certs: [], middlebox_comp_mode: true, max_handshake_size: 262144, verify_fun:
{#Function<12.91340613/3 in :ssl.handle_options/5>, []}, signature_algs: [:ecdsa_secp521r1_sha512,
:ecdsa_secp384r1_sha384, :ecdsa_secp256r1_sha256, :rsa_pss_pss_sha512, :rsa_pss_pss_sha384,
:rsa_pss_pss_sha256, :rsa_pss_rsae_sha512, :rsa_pss_rsae_sha384, :rsa_pss_rsae_sha256,
:eddsa_ed25519, :eddsa_ed448, {:sha512, :ecdsa}, {:sha512, :rsa}, {:sha384, :ecdsa}, {:sha384,
:rsa}, {:sha256, :ecdsa}, {:sha256, :rsa}, {:sha224, :ecdsa}, {:sha224, :rsa}, {:sha, :ecdsa},
{:sha, :rsa}, {:sha, :dsa}], next_protocols_advertised: :undefined, verify: :verify_none, dhfile:
:undefined, key_update_at: 388736063997, depth: 10, anti_replay: :undefined, cert: :undefined,
beast_mitigation: :one_n_minus_one, client_renegotiation: :undefined, key: :undefined, sni_hosts:
[], next_protocol_selector: :undefined, padding_check: true, renegotiate_at: 268435456, dh:
:undefined, ocsp_stapling: false, cacertfile: "", fail_if_no_peer_cert: false, eccs:
{:elliptic_curves, [{1, 3, 132, 0, 39}, {1, 3, 132, 0, 38}, {1, 3, 132, 0, 35}, {1, 3, 36, 3, ...},
{1, 3, 132, ...}, {1, 3, ...}, {1, ...}, {...}, ...]}, use_ticket: :undefined, signature_algs_cert:
:undefined, hibernate_after: :infinity, alpn_preferred_protocols: :undefined, reuse_sessions: true,
honor_cipher_order: :undefined, user_lookup_fun: :undefined, session_tickets: :disabled, cookie:
:undefined, crl_cache: {...}, ...}, {:socket_options, :binary, :raw, 0, 0, :once}, {:handshake_env,
:undefined, 0, {[<<1, 0, 1, 26, 3, 3, 97, 137, 132, 18, 245, 9, 17, 102, 122, 36, 233, 32, 41, 79,
146, 44, 28, 247, 36, 160, 243, 194, 242, 199, 62, 127, 184, 140, 57, 242, 118, 35, ...>>, [1, <<0,
1, 26>>, <<3, 3, 97, 137, 132, 18, 245, 9, 17, 102, 122, 36, 233, 32, 41, 79, 146, 44, 28, 247, 36,
160, 243, 194, 242, 199, 62, 127, 184, 140, 57, 242, 118, 35, ...>>]], [[1, <<0, 1, 26>>, <<3, 3,
97, 137, 132, 18, 245, 9, 17, 102, 122, 36, 233, 32, 41, 79, 146, 44, 28, 247, 36, 160, 243, 194,
242, 199, 62, 127, 184, 140, 57, 242, 118, 35, ...>>]]}, false, {false, :first}, false, false,
false, false, :undefined, :undefined, :undefined, :undefined, false, :undefined, :undefined,
:undefined, {:undefined, :undefined}, {:undefined, :undefined}, :undefined, :undefined, :undefined,
:undefined, :undefined, :undefined, :undefined, :undefined, %{ocsp_expect: :no_staple, ocsp_nonce:
:undefined, ocsp_stapling: false}}, [], false, %{active_n: 100, active_n_toggle: false, sender:
#PID<0.843.0>}, {:session, "", :undefined, :undefined, :undefined, :undefined, :undefined,
:undefined, :undefined, false, -576459648695699000, :undefined, :undefined, :undefined},
{:key_share_client_hello, [{:key_share_entry, :x25519, {<<249, 196, 35, 188, 216, 241, 192, 44, 108,
210, 243, 25, 45, 184, 86, 169, 120, 79, 85, 234, 142, 230, 138, 102, 80, 9, 238, 43, 42, 224, 211,
117>>, <<168, 198, 207, 241, 16, 25, 147, 88, 92, 85, 26, 3, 54, 138, 201, 101, 60, 228, 16, 141,
49, 218, 213, 186, 37, 48, 99, 218, 103, 248, 70, ...>>}}]}, %{current_read: %{beast_mitigation:
:one_n_minus_one, cipher_state: :undefined, client_verify_data: :undefined, compression_state:
:undefined, early_data_limit: false, mac_secret: :undefined, max_early_data_size: 16384,
max_fragment_length: :undefined, secure_renegotiation: :undefined, security_parameters:
{:security_parameters, <<0, 0>>, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, :undefined, :undefined,
:undefined, :undefined, :undefined, :undefined, :undefined}, sequence_number: 1, server_verify_data:
:undefined, trial_decryption: false}, current_write: %{beast_mitigation: :one_n_minus_one,
cipher_state: :undefined, client_verify_data: :undefined, compression_state: :undefined,
early_data_limit: false, mac_secret: :undefined, max_early_data_size: 16384, max_fragment_length:
:undefined, secure_renegotiation: :undefined, security_parameters: {:security_parameters, <<0, 0>>,
1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, :undefined, :undefined, :undefined, :undefined, :undefined,
:undefined, :undefined}, sequence_number: 1, server_verify_data: :undefined, trial_decryption:
false}, pending_read: %{beast_mitigation: :one_n_minus_one, cipher_state: :undefined,
client_verify_data: :undefined, compression_state: :undefined, early_data_limit: false, mac_secret:
:undefined, max_early_data_size: 16384, max_fragment_length: :undefined, secure_renegotiation:
:undefined, security_parameters: {:security_parameters, :undefined, 1, :undefined, :undefined,
:undefined, :undefined, :undefined, :undefined, :undefined, :undefined, :undefined, :undefined,
:undefined, :undefined, :undefined, :undefined, <<97, 137, 132, 18, 245, 9, 17, ...>>, :undefined,
:undefined}, server_verify_data: :undefined, trial_decryption: false}, pending_write:
%{beast_mitigation: :one_n_minus_one, cipher_state: :undefined, client_verify_data: :undefined,
compression_state: :undefined, early_data_limit: false, mac_secret: :undefined, max_early_data_size:
16384, max_fragment_length: :undefined, secure_renegotiation: :undefined, security_parameters:
{:security_parameters, :undefined, 1, :undefined, :undefined, :undefined, :undefined, :undefined,
:undefined, :undefined, :undefined, :undefined, :undefined, :undefined, :undefined, :undefined,
:undefined, <<97, 137, 132, 18, 245, 9, ...>>, :undefined, :undefined}, server_verify_data:
:undefined, trial_decryption: false}}, {:protocol_buffers, {:undefined, {[], 0, []}}, "", []}, {[],
0, []}, :undefined, {#PID<0.793.0>, #Reference<0.1889060192.1381761025.28419>}, :undefined}
    (ssl 10.5.2) tls_handshake_1_3.erl:652: :tls_handshake_1_3.do_start/2
    (ssl 10.5.2) tls_connection_1_3.erl:270: :tls_connection_1_3.start/3
    (stdlib 3.16.1) gen_statem.erl:1194: :gen_statem.loop_state_callback/11
    (ssl 10.5.2) tls_connection.erl:154: :tls_connection.init/1
    (stdlib 3.16.1) proc_lib.erl:226: :proc_lib.init_p_do_apply/3
State: [data: [{'State', {:start, {:state, {:static_env, :client, :gen_tcp, :tls_gen_connection,
:tcp, :tcp_closed, :tcp_error, :tcp_passive, '34.221.16.130', 1235, #Port<0.63>,
#Reference<0.1889060192.1381892099.20362>, #Reference<0.1889060192.1381892099.20361>,
:ssl_client_session_cache_db, {:ssl_crl_cache, {{#Reference<0.1889060192.1381892099.20365>,
#Reference<0.1889060192.1381892099.20366>}, []}}, {#Reference<0.1889060192.1381892099.20363>,
#Reference<0.1889060192.1381892099.20364>}, #Reference<0.1889060192.1381761025.28420>, :undefined},
'***', %{fallback: false, supported_groups: {:supported_groups, [:x25519, :x448, :s (truncated)
** (exit) exited in: :gen_statem.call(#PID<0.844.0>, {:start, 5000}, :infinity)
    ** (EXIT) an exception was raised:
        ** (MatchError) no match of right hand side value: {:state, {:static_env, :client, :gen_tcp,
:tls_gen_connection, :tcp, :tcp_closed, :tcp_error, :tcp_passive, '34.221.16.130', 1235,
#Port<0.63>, #Reference<0.1889060192.1381892099.20362>, #Reference<0.1889060192.1381892099.20361>,
:ssl_client_session_cache_db, {:ssl_crl_cache, {{#Reference<0.1889060192.1381892099.20365>,
#Reference<0.1889060192.1381892099.20366>}, []}}, {#Reference<0.1889060192.1381892099.20363>,
#Reference<0.1889060192.1381892099.20364>}, #Reference<0.1889060192.1381761025.28420>, :undefined},
{:connection_env, {#Reference<0.1889060192.1381761025.28417>, #PID<0.793.0>}, :undefined, false,
false, {3, 3}, :undefined, :undefined}, %{fallback: false, supported_groups: {:supported_groups,
[:x25519, :x448, :secp256r1, :secp384r1]}, sni_fun: :undefined, versions: [{3, 4}, {3, 3}],
honor_ecc_order: :undefined, partial_chain: #Function<11.91340613/1 in :ssl.handle_options/5>,
reuse_session: :undefined, customize_hostname_check: [], alpn_advertised_protocols: :undefined,
max_fragment_length: :undefined, ciphers: [<<19, 2>>, <<19, 1>>, <<19, 3>>, <<19, 4>>, <<19, 5>>,
<<192, 44>>, <<192, 48>>, <<192, 173>>, <<192, 175>>, <<192, 36>>, <<192, 40>>, "̩", "̨", <<192,
43>>, <<192, 47>>, <<192, 172>>, <<192, 174>>, <<192, 46>>, <<192, 50>>, <<192, 38>>, <<192, 42>>,
<<192, 45>>, <<192, 49>>, <<192, 35>>, <<192, 39>>, <<192, 37>>, <<192, 41>>, <<0, 159>>, <<0,
163>>, <<0, 107>>, <<0, 106>>, <<0, 158>>, <<0, 162>>, "̪", <<...>>, ...], cacerts: :undefined,
ocsp_responder_certs: [], middlebox_comp_mode: true, max_handshake_size: 262144, verify_fun:
{#Function<12.91340613/3 in :ssl.handle_options/5>, []}, signature_algs: [:ecdsa_secp521r1_sha512,
:ecdsa_secp384r1_sha384, :ecdsa_secp256r1_sha256, :rsa_pss_pss_sha512, :rsa_pss_pss_sha384,
:rsa_pss_pss_sha256, :rsa_pss_rsae_sha512, :rsa_pss_rsae_sha384, :rsa_pss_rsae_sha256,
:eddsa_ed25519, :eddsa_ed448, {:sha512, :ecdsa}, {:sha512, :rsa}, {:sha384, :ecdsa}, {:sha384,
:rsa}, {:sha256, :ecdsa}, {:sha256, :rsa}, {:sha224, :ecdsa}, {:sha224, :rsa}, {:sha, :ecdsa},
{:sha, :rsa}, {:sha, :dsa}], next_protocols_advertised: :undefined, verify: :verify_none, dhfile:
:undefined, key_update_at: 388736063997, depth: 10, anti_replay: :undefined, cert: :undefined,
beast_mitigation: :one_n_minus_one, client_renegotiation: :undefined, key: :undefined, sni_hosts:
[], next_protocol_selector: :undefined, padding_check: true, renegotiate_at: 268435456, dh:
:undefined, ocsp_stapling: false, cacertfile: "", fail_if_no_peer_cert: false, eccs:
{:elliptic_curves, [{1, 3, 132, 0, 39}, {1, 3, 132, 0, 38}, {1, 3, 132, 0, 35}, {1, 3, 36, 3, ...},
{1, 3, 132, ...}, {1, 3, ...}, {1, ...}, {...}, ...]}, use_ticket: :undefined, signature_algs_cert:
:undefined, hibernate_after: :infinity, alpn_preferred_protocols: :undefined, reuse_sessions: true,
honor_cipher_order: :undefined, user_lookup_fun: :undefined, session_tickets: :disabled, cookie:
:undefined, crl_cache: {...}, ...}, {:socket_options, :binary, :raw, 0, 0, :once}, {:handshake_env,
:undefined, 0, {[<<1, 0, 1, 26, 3, 3, 97, 137, 132, 18, 245, 9, 17, 102, 122, 36, 233, 32, 41, 79,
146, 44, 28, 247, 36, 160, 243, 194, 242, 199, 62, 127, 184, 140, 57, 242, 118, 35, ...>>, [1, <<0,
1, 26>>, <<3, 3, 97, 137, 132, 18, 245, 9, 17, 102, 122, 36, 233, 32, 41, 79, 146, 44, 28, 247, 36,
160, 243, 194, 242, 199, 62, 127, 184, 140, 57, 242, 118, 35, ...>>]], [[1, <<0, 1, 26>>, <<3, 3,
97, 137, 132, 18, 245, 9, 17, 102, 122, 36, 233, 32, 41, 79, 146, 44, 28, 247, 36, 160, 243, 194,
242, 199, 62, 127, 184, 140, 57, 242, 118, 35, ...>>]]}, false, {false, :first}, false, false,
false, false, :undefined, :undefined, :undefined, :undefined, false, :undefined, :undefined,
:undefined, {:undefined, :undefined}, {:undefined, :undefined}, :undefined, :undefined, :undefined,
:undefined, :undefined, :undefined, :undefined, :undefined, %{ocsp_expect: :no_staple, ocsp_nonce:
:undefined, ocsp_stapling: false}}, [], false, %{active_n: 100, active_n_toggle: false, sender:
#PID<0.843.0>}, {:session, "", :undefined, :undefined, :undefined, :undefined, :undefined,
:undefined, :undefined, false, -576459648695699000, :undefined, :undefined, :undefined},
{:key_share_client_hello, [{:key_share_entry, :x25519, {<<249, 196, 35, 188, 216, 241, 192, 44, 108,
210, 243, 25, 45, 184, 86, 169, 120, 79, 85, 234, 142, 230, 138, 102, 80, 9, 238, 43, 42, 224, 211,
117>>, <<168, 198, 207, 241, 16, 25, 147, 88, 92, 85, 26, 3, 54, 138, 201, 101, 60, 228, 16, 141,
49, 218, 213, 186, 37, 48, 99, 218, 103, 248, 70, ...>>}}]}, %{current_read: %{beast_mitigation:
:one_n_minus_one, cipher_state: :undefined, client_verify_data: :undefined, compression_state:
:undefined, early_data_limit: false, mac_secret: :undefined, max_early_data_size: 16384,
max_fragment_length: :undefined, secure_renegotiation: :undefined, security_parameters:
{:security_parameters, <<0, 0>>, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, :undefined, :undefined,
:undefined, :undefined, :undefined, :undefined, :undefined}, sequence_number: 1, server_verify_data:
:undefined, trial_decryption: false}, current_write: %{beast_mitigation: :one_n_minus_one,
cipher_state: :undefined, client_verify_data: :undefined, compression_state: :undefined,
early_data_limit: false, mac_secret: :undefined, max_early_data_size: 16384, max_fragment_length:
:undefined, secure_renegotiation: :undefined, security_parameters: {:security_parameters, <<0, 0>>,
1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, :undefined, :undefined, :undefined, :undefined, :undefined,
:undefined, :undefined}, sequence_number: 1, server_verify_data: :undefined, trial_decryption:
false}, pending_read: %{beast_mitigation: :one_n_minus_one, cipher_state: :undefined,
client_verify_data: :undefined, compression_state: :undefined, early_data_limit: false, mac_secret:
:undefined, max_early_data_size: 16384, max_fragment_length: :undefined, secure_renegotiation:
:undefined, security_parameters: {:security_parameters, :undefined, 1, :undefined, :undefined,
:undefined, :undefined, :undefined, :undefined, :undefined, :undefined, :undefined, :undefined,
:undefined, :undefined, :undefined, :undefined, <<97, 137, 132, 18, 245, 9, 17, ...>>, :undefined,
:undefined}, server_verify_data: :undefined, trial_decryption: false}, pending_write:
%{beast_mitigation: :one_n_minus_one, cipher_state: :undefined, client_verify_data: :undefined,
compression_state: :undefined, early_data_limit: false, mac_secret: :undefined, max_early_data_size:
16384, max_fragment_length: :undefined, secure_renegotiation: :undefined, security_parameters:
{:security_parameters, :undefined, 1, :undefined, :undefined, :undefined, :undefined, :undefined,
:undefined, :undefined, :undefined, :undefined, :undefined, :undefined, :undefined, :undefined,
:undefined, <<97, 137, 132, 18, 245, 9, ...>>, :undefined, :undefined}, server_verify_data:
:undefined, trial_decryption: false}}, {:protocol_buffers, {:undefined, {[], 0, []}}, "", []}, {[],
0, []}, :undefined, {#PID<0.793.0>, #Reference<0.1889060192.1381761025.28419>}, :undefined}
            (ssl 10.5.2) tls_handshake_1_3.erl:652: :tls_handshake_1_3.do_start/2
            (ssl 10.5.2) tls_connection_1_3.erl:270: :tls_connection_1_3.start/3
            (stdlib 3.16.1) gen_statem.erl:1194: :gen_statem.loop_state_callback/11
            (ssl 10.5.2) tls_connection.erl:154: :tls_connection.init/1
            (stdlib 3.16.1) proc_lib.erl:226: :proc_lib.init_p_do_apply/3
    (stdlib 3.16.1) gen.erl:220: :gen.do_call/4
    (stdlib 3.16.1) gen_statem.erl:684: :gen_statem.call_dirty/4
    (ssl 10.5.2) ssl_gen_statem.erl:1185: :ssl_gen_statem.call/2
    (ssl 10.5.2) ssl_gen_statem.erl:224: :ssl_gen_statem.handshake/2
    (ssl 10.5.2) tls_gen_connection.erl:89: :tls_gen_connection.start_fsm/8
    (ssl 10.5.2) ssl_gen_statem.erl:193: :ssl_gen_statem.connect/8
    (ssl 10.5.2) ssl.erl:608: :ssl.connect/4



