<div dir="ltr">Hello!<div><br></div><div>My application is listening SSL port using ssl:listen, ssl:transport_accept and ssl:ssl_accept (indeed it uses some old patched mochiweb).</div><div>Erlang/OTP release is R16B02.</div>
<div>I use SASL for error logging.</div><div><br></div><div>Due to existence of network scanners, network errors and buggy clients some of connections fail to negotiate. This leads to two kind of log entries:</div><div> 1. "insufficient security", etc.</div>
<div> 2. Crash reports due to a function_clause error in tls_v1:enum_to_oid(0) (this may be not the only one, but definitely the most popular)</div><div><br></div><div>First one seems to be fixed by {log_alert, false} ssl option.</div>
<div>Second one keeps flooding logs with huge state printouts.</div><div><br></div><div>So, my question is: How to make all SSL-related troubles not to generate error reports? Simple {error, handshake_failed} returned by one of accepting functions would be enough.</div>
<div><br></div><div>Maybe this is useful:</div><div><div>=ERROR REPORT==== 6-Mar-2014::05:35:19 ===</div><div>** State machine <0.19029.3> terminating</div><div>** Last message in was {tcp,#Port<0.68651>,</div>
<div> <<22,3,1,0,209,1,0,0,205,3,1,83,23,208,215,254,</div><div> 236,125,231,33,138,62,193,101,12,193,176,102,</div><div> 114,62,166,230,143,36,171,53,199,66,68,65,164,</div>
<div> 166,184,0,0,100,0,51,0,50,0,57,0,56,0,22,0,19,</div><div> 192,19,192,9,192,20,192,10,192,18,192,8,0,47,0,</div><div> 53,0,10,0,21,0,18,0,61,0,60,0,103,0,64,0,107,0,</div>
<div> 106,192,17,192,7,0,150,0,154,0,153,0,65,0,132,0,</div><div> 69,0,68,0,136,0,135,0,186,0,190,0,189,0,192,0,</div><div> 196,0,195,192,60,192,68,192,66,192,61,192,69,</div>
<div> 192,67,0,9,0,5,0,4,0,255,1,0,0,64,0,10,0,54,0,</div><div> 52,0,0,0,1,0,2,0,3,0,4,0,5,0,6,0,7,0,8,0,9,0,10,</div><div> 0,11,0,12,0,13,0,14,0,15,0,16,0,17,0,18,0,19,0,</div>
<div> 20,0,21,0,22,0,23,0,24,0,25,0,11,0,2,1,0>>}</div><div>** When State == hello</div></div><div>** Data == {state,server, LOTS_OF_STUFF_SKIPPED}<br></div><div><div>** Reason for termination =</div>
<div>** {function_clause,[{tls_v1,enum_to_oid,[0],[{file,"tls_v1.erl"},{line,404}]},</div><div> {ssl_handshake,'-dec_hello_extensions/2-blc$^1/1-0-',1,</div><div> [{file,"ssl_handshake.erl"},{line,1467}]},</div>
<div> {ssl_handshake,dec_hello_extensions,2,</div><div> [{file,"ssl_handshake.erl"},{line,1467}]},</div><div> {tls_handshake,decode_handshake,3,</div>
<div> [{file,"tls_handshake.erl"},{line,237}]},</div><div> {tls_handshake,get_tls_handshake_aux,3,</div><div> [{file,"tls_handshake.erl"},{line,204}]},</div>
<div> {tls_connection,next_state,4,</div><div> [{file,"tls_connection.erl"},</div><div> {line,2546}]},</div><div> {gen_fsm,handle_msg,7,[{file,"gen_fsm.erl"},{line,505}]},</div>
<div> {proc_lib,init_p_do_apply,3,</div><div> [{file,"proc_lib.erl"},{line,239}]}]}</div></div><div><br></div><div>-- </div><div><div><font face="'courier new', monospace">Danil Zagoskin | <a href="mailto:z@gosk.in" target="_blank">z@gosk.in</a></font></div>
</div></div>