<div dir="ltr"><div class="gmail_extra"><p style="font-family:arial,sans-serif;font-size:13px"><b>Hi!</b></p><p style="font-family:arial,sans-serif;font-size:13px"><b>After some private discussions (should have been more suspicious of the link ;)) I think we found a bug related to warning alerts that just happens to manifest itself on the alert 112 that was missing from the SNI-contribution, and that I just added to 17.  So the following patch, if proven correct, will be included for 17.1  (Makes the last clause of handle_alert - handle all not previously matched warning alerts.)</b></p>
<p style="font-family:arial,sans-serif;font-size:13px"><b>diff --git a/lib/ssl/src/tls_connection.erl b/lib/ssl/src/tls_connection.erl</b></p><p style="font-family:arial,sans-serif;font-size:13px"><b>index ffa04ee..0946a47 100644</b></p>
<p style="font-family:arial,sans-serif;font-size:13px"><b>--- a/lib/ssl/src/tls_connection.erl</b></p><p style="font-family:arial,sans-serif;font-size:13px"><b>+++ b/lib/ssl/src/tls_connection.erl</b></p><p style="font-family:arial,sans-serif;font-size:13px">
@@ -859,7 +859,7 @@ handle_alert(#alert{level = ?WARNING, description = ?NO_RENE</p><p style="font-family:arial,sans-serif;font-size:13px">     {Record, State} = next_record(State0),</p><p style="font-family:arial,sans-serif;font-size:13px">
     next_state(StateName, connection, Record, State);</p><p style="font-family:arial,sans-serif;font-size:13px"> </p><p style="font-family:arial,sans-serif;font-size:13px">-handle_alert(#alert{level = ?WARNING, description = ?USER_CANCELED} = Alert, St</p>
<p style="font-family:arial,sans-serif;font-size:13px">+handle_alert(#alert{level = ?WARNING} = Alert, StateName, </p><p style="font-family:arial,sans-serif;font-size:13px"><br></p><p style="font-family:arial,sans-serif;font-size:13px">
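Review bot: The new head handle_alert(#alert{level = ?WARNING} = Alert, StateName, ... on the added line matches every warning-level alert, so it must stay the last WARNING clause; a more specific clause placed after it would never be reached, while the ?NO_RENEGOTIATION clause in the context above keeps working only because it comes first. A one-line comment above the clause stating that it is the deliberate catch-all for warnings not matched earlier would document that ordering constraint, and a test that delivers a warning alert with description 112 in the hello state would cover the reported function_clause crash. The clause body is outside this hunk, so please confirm that what it did for ?USER_CANCELED is also the intended handling for every other unmatched warning description.</p><p style="font-family:arial,sans-serif;font-size:13px">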
Regards Ingela Erlang/OTP  team - Ericsson AB</p><p style="font-family:arial,sans-serif;font-size:13px"><br></p><div class="gmail_quote">2014-04-11 17:18 GMT+02:00 Ingela Andin <span dir="ltr"><<a href="mailto:ingela.andin@gmail.com" target="_blank">ingela.andin@gmail.com</a>></span>:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr"><br><div class="gmail_extra">Hi!<br><br></div>
<div class="gmail_extra">This is what happens when I do what you say you do. <br></div><div class="gmail_extra"><br>Erlang/OTP 17 [erts-6.0] [source-fa45816] [64-bit] [smp:8:8] [async-threads:10] [hipe] [kernel-poll:false]<div class="">
<br>
<br>Eshell V6.0  (abort with ^G)<br>1>  inets:start().<br>ok<br>2>  ssl:start().<br>ok<br>3> httpc:request("<a href="https://somewhere.com" target="_blank">https://somewhere.com</a>").<br></div>{ok,{{"HTTP/1.1",200,"OK"},<br>

     [{"cache-control","max-age=0, private, must-revalidate"},<br>      {"connection","keep-alive"},<br>      {"date","Fri, 11 Apr 2014 15:03:08 GMT"},<br>      {"etag","\"abf551bf9c340cc2649822f9e27e82ff\""},<br>

      {"vary","Accept-Encoding"},<br>      {"content-length","41024"},<br>      {"content-type","text/html; charset=utf-8"},<br>      {"last-modified","Thu, 30 Jan 2014 17:12:43 GMT"},<br>

      {"access-control-allow-methods","POST, GET, OPTIONS"},<br>      {"access-control-allow-origin","*"},<br>      {"access-control-max-age","1728000"},<br>      {"set-cookie",<br>

       "_session_id=613ae6fdb421a8eb1cbc1d43509c4d53; path=/; expires=Fri, 18-Apr-2014 15:03:08 GMT; HttpOnly"},<br>      {"status","200 OK"},<br>      {"x-rack-cache","miss"},<br>

      {"x-request-id","9b2a35c1-f4c8-47fa-bcdc-e7f80090fe72"},<br>      {"x-runtime","1.182360"},<br>      {"x-ua-compatible","IE=Edge,chrome=1"}],<br>     [60,33,68,79,67,84,89,80,69,32,104,116,109,108,62,60,104,<br>

      116,109,108,62,60,104,101|...]}}<br><br></div><div class=""><div class="gmail_extra">Regards Ingela Erlang/OTP team - Ericsson AB<br></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">2014-04-11 16:53 GMT+02:00 atul atri <span dir="ltr"><<a href="mailto:atulatri2004@gmail.com" target="_blank">atulatri2004@gmail.com</a>></span>:<div>
<div class="h5"><br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div><div><div><div>Hi Ingela,<br><br></div>
I just tested this issue with Erlang 17. This issue is not fixed.<br>
<br>=============<br>[root@atul-test otp_src_17.0]# erl<br>Erlang/OTP 17 [erts-6.0] [source] [64-bit] [smp:4:4] [async-threads:10] [hipe] [kernel-poll:false]<br>

<br>Eshell V6.0  (abort with ^G)<br>1> inets:start().<br>ok<br>2> ssl:start().<br>ok<br>3> httpc:request("<a href="https://somewhere.com" target="_blank">https://somewhere.com</a>").<div><br>{error,{failed_connect,[{to_address,{"<a href="http://somewhere.com" target="_blank">somewhere.com</a>",<br>



                                     443}},<br>                        {inet,[inet],<br>                              {eoptions,{{function_clause,[{tls_connection,handle_alert,<br>                                                                           [{alert,1,112,{"tls_connection.erl",375}},<br>



                                                                            hello,<br>                                                                            {state,client,<br></div>                                                                                   {#Ref<0.0.0.63>,<0.57.0>},<br>



                                                                                   gen_tcp,tls_connection,tcp,tcp_closed,tcp_error,...}],<br>                                                                           [{file,"tls_connection.erl"},{line,836}]},<br>



                                                           {tls_connection,handle_alerts,2,<br>                                                                           [{file,"tls_connection.erl"},{line,834}]},<br>



                                                           {gen_fsm,handle_msg,7,[{file,"gen_fsm.erl"},{line,503}]},<div><br>                                                           {proc_lib,init_p_do_apply,3,<br>



                                                                     [{file,"proc_lib.erl"},{line,239}]}]},<br>                                         {gen_fsm,sync_send_all_state_event,<br></div>                                                  [<0.61.0>,{start,infinity},infinity]}}}}]}}<br>



=================<br><br></div>Server sends alert warning 112 (unrecognized_name), but tls_connection.erl has no function to handle this alert. ssl_alert.hrl does mention this alert.<br><br></div>I also found <a href="http://stackoverflow.com/questions/7615645/ssl-handshake-alert-unrecognized-name-error-since-upgrade-to-java-1-7-0" target="_blank">http://stackoverflow.com/questions/7615645/ssl-handshake-alert-unrecognized-name-error-since-upgrade-to-java-1-7-0</a>. Java 1.7 is also behaving kind of the same. I have not tested it myself though. As the first answer mentions, most choose to ignore the server alert warning 112 (unrecognized_name). Erlang/OTP should also consider ignoring it. This thread mentions that we can disable SNI in Java 1.7. Do we have a similar option in Erlang/OTP? Is disabling SNI the right choice?<br>



<br></div>Adding the following function in tls_connection.erl solves the problem:<br>=========<br>handle_alert(#alert{level = ?WARNING, description = ?UNRECOGNISED_NAME} = Alert, StateName,<br>#state{ssl_options = SslOpts} = State0) -><br>



    log_alert(SslOpts#ssl_options.log_alert, StateName, Alert),<br>    {Record, State} = next_record(State0),<br>    next_state(StateName, StateName, Record, State).<br>===========<br><div><br></div><div>This issue is supposed to be fixed in <a href="https://github.com/erlang/otp/commit/d18e7b25a17a0c62c0beddc81f23b1dea18b7ef4" target="_blank">https://github.com/erlang/otp/commit/d18e7b25a17a0c62c0beddc81f23b1dea18b7ef4</a>. But it seems like you forgot to commit the changes in file tls_connection.erl.<br>



<br></div><div>Waiting for your kind reply to sort out this issue asap.<br></div><div><div><br></div><div>Thanks & Regards,<br>Atul Atri.<br></div><div><br><br><div><div><div><br></div></div></div></div></div>
</div><div><div><div class="gmail_extra">

<br><br><div class="gmail_quote">On Fri, Apr 4, 2014 at 7:10 PM, Ingela Andin <span dir="ltr"><<a href="mailto:ingela.andin@gmail.com" target="_blank">ingela.andin@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex">



<div dir="ltr"><div><div>Hi!<br><br></div>This is fixed in the latest version 17.0 (coming soon) or check master branch at GitHub.<br><br></div>Regards Ingela Erlang/OTP team - Ericsson AB<br><div><div><div><div><div class="gmail_extra">




<br><br><div class="gmail_quote">2014-04-04 10:33 GMT+02:00 atul atri <span dir="ltr"><<a href="mailto:atulatri2004@gmail.com" target="_blank">atulatri2004@gmail.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex">



<div><div>
<div dir="ltr"><div><div><div><div>Hi,<br><br></div>I am using httpc to connect to a website that is using an invalid certificate. But it is crashing during the SSL handshake.<br><br>======<br>7> httpc:request(post, {"<a href="https://somewhere.com" target="_blank">https://somewhere.com</a>", [],  "application/x-www-form-urlencoded", ""}, [{ssl, [{verify, verify_none}]}], []).                               {error,{failed_connect,[{to_address,{"<a href="http://somewhere.com" target="_blank">somewhere.com</a>",<br>






                                     443}},<br>                        {inet,[inet],<br>                              {eoptions,{{function_clause,[{tls_connection,handle_alert,<br>                                                                           [{alert,1,112,{"tls_connection.erl",375}},<br>






                                                                            hello,<br>                                                                            {state,client,<br>                                                                                   {#Ref<0.0.0.137>,<0.74.0>},<br>






                                                                                   gen_tcp,tls_connection,tcp,tcp_closed,tcp_error,...}],<br>                                                                           [{file,"tls_connection.erl"},{line,834}]},<br>






                                                           {tls_connection,handle_alerts,2,<br>                                                                           [{file,"tls_connection.erl"},{line,832}]},<br>






                                                           {gen_fsm,handle_msg,7,[{file,"gen_fsm.erl"},{line,505}]},<br>                                                           {proc_lib,init_p_do_apply,3,<br>






                                                                     [{file,"proc_lib.erl"},{line,239}]}]},<br>                                         {gen_fsm,sync_send_all_state_event,<br>                                                  [<0.75.0>,{start,infinity},infinity]}}}}]}}<br>






=======<br><br></div>I am able to browse the website in Firefox.<br><br></div><div>My Erlang version is <br>====<br>[root@chatgateway1 ~]# erl<br>Erlang R16B03-1 (erts-5.10.4) [source] [64-bit] [smp:2:2] [async-threads:10] [hipe] [kernel-poll:false]<br>






<br>Eshell V5.10.4  (abort with ^G)<br>====<br></div><br>I googled it and it looks like something related to <a href="http://permalink.gmane.org/gmane.comp.lang.erlang.bugs/4302" target="_blank">http://permalink.gmane.org/gmane.comp.lang.erlang.bugs/4302</a>.<br>






<br></div>Any help to fix or work around this is much appreciated.<br><br>Thanks & Regards,<br>Atul Atri.<br><br></div>
<br></div></div>
<br></blockquote></div><br></div></div></div></div></div></div>
</blockquote></div><br></div>
</div></div></blockquote></div></div></div><br></div></div>
</blockquote></div><br></div></div>
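<p>The failure mode discussed in this thread, as an added example that is not OTP's tls_connection.erl and not code from either poster: a simplified model of per-description alert dispatch, where a warning with an unlisted description (112) hits no clause, next to the same dispatch with a final catch-all warning clause. The module name, function names, return tuples and the close_notify/fatal clauses are assumptions made for the illustration; the alert numbers are the standard TLS values.</p>

```erlang
%% Added illustration; hypothetical module, not part of OTP.
-module(alert_dispatch_demo).
-export([parse_alert/1, strict/1, tolerant/1, demo/0]).

-define(WARNING, 1).
-define(FATAL, 2).
-define(CLOSE_NOTIFY, 0).
-define(USER_CANCELED, 90).
-define(NO_RENEGOTIATION, 100).
-define(UNRECOGNISED_NAME, 112).

%% A TLS alert body is two bytes: level, then description.
parse_alert(<<Level:8, Desc:8>>) when Level =:= ?WARNING; Level =:= ?FATAL ->
    {ok, {alert, Level, Desc}};
parse_alert(_) ->
    {error, malformed_alert}.

%% One clause per known warning description. A warning whose
%% description is not listed matches nothing and raises function_clause.
strict({alert, ?FATAL, Desc}) -> {close, Desc};
strict({alert, ?WARNING, ?CLOSE_NOTIFY}) -> {close, ?CLOSE_NOTIFY};
strict({alert, ?WARNING, ?NO_RENEGOTIATION}) -> {continue, ?NO_RENEGOTIATION};
strict({alert, ?WARNING, ?USER_CANCELED}) -> {continue, ?USER_CANCELED}.

%% Same specific clauses, but the last clause accepts any remaining
%% warning. It must stay last: clauses are tried top to bottom.
tolerant({alert, ?FATAL, Desc}) -> {close, Desc};
tolerant({alert, ?WARNING, ?CLOSE_NOTIFY}) -> {close, ?CLOSE_NOTIFY};
tolerant({alert, ?WARNING, ?NO_RENEGOTIATION}) -> {continue, ?NO_RENEGOTIATION};
tolerant({alert, ?WARNING, Desc}) -> {continue, Desc}.

%% Feeds a constructed alert body (warning, unrecognized_name) to both
%% dispatchers and returns {StrictOutcome, TolerantOutcome}.
demo() ->
    {ok, Alert} = parse_alert(<<?WARNING, ?UNRECOGNISED_NAME>>),
    StrictOutcome =
        try strict(Alert)
        catch error:function_clause -> crashed
        end,
    {StrictOutcome, tolerant(Alert)}.
```

<p>Compile with c(alert_dispatch_demo). in an Erlang shell and call alert_dispatch_demo:demo(). to compare the two outcomes; fatal alerts still close the connection in both variants.</p>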