<div dir="ltr"><div>but curiously enough, with self-signed-certificate servers is working regardless protocol versions - just works. <br><br>Perhaps 'SNI-extension that must be empty' is not involved in this case?<br><br></div>Bogdan<br></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Nov 27, 2014 at 10:49 PM, Dave Cottlehuber <span dir="ltr"><<a href="mailto:dch@skunkwerks.at" target="_blank">dch@skunkwerks.at</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Looks like <a href="http://erlang.org/pipermail/erlang-questions/2014-September/081176.html" target="_blank">http://erlang.org/pipermail/erlang-questions/2014-September/081176.html</a><br>
<br>
On OSX I applied <a href="https://github.com/erlang/otp/commit/b196730a325cfe74312c3a5f4b1273ba7c705ed6.diff" target="_blank">https://github.com/erlang/otp/commit/b196730a325cfe74312c3a5f4b1273ba7c705ed6.diff</a> to fix this, and for FreeBSD I just switched to a newer <a href="https://github.com/erlang/otp/archive/OTP-17.3.4.tar.gz" target="_blank">https://github.com/erlang/otp/archive/OTP-17.3.4.tar.gz</a><br>
<br>
A+<br>
Dave<br>
<span class=""><br>
-----Original Message-----<br>
From: Bogdan Andu <<a href="mailto:bog495@gmail.com">bog495@gmail.com</a>><br>
Reply: Bogdan Andu <<a href="mailto:bog495@gmail.com">bog495@gmail.com</a>>><br>
Date: 27. November 2014 at 13:57:10<br>
To: Erlang <<a href="mailto:erlang-questions@erlang.org">erlang-questions@erlang.org</a>>><br>
Subject:  Re: [erlang-questions] ssl client issue<br>
<br>
> Hi,<br>
><br>
> I didn't know that, I'll upgrade to the latest otp.<br>
><br>
> Thank you,<br>
><br>
> Bogdan<br>
><br>
</span><span class="">> On Thu, Nov 27, 2014 at 2:49 PM, Loïc Hoguin wrote:<br>
><br>
> > If you are using 17.3 you need to update to 17.3.2 or above. 17.3 shipped<br>
> > with a broken SSL client and the OTP team didn't deem worthwhile to issue<br>
> > an official patch.<br>
> ><br>
> > On 11/27/2014 02:38 PM, Bogdan Andu wrote:<br>
> ><br>
> >> Hi,<br>
> >><br>
> >> I am trying to connet to a site using https protocol and I get error:<br>
> >> $ erl -noshell -s inets -s ssl -eval 'ok= httpc:request(get,<br>
> >> {"<a href="https://github.com/rebar/rebar/wiki/rebar" target="_blank">https://github.com/rebar/rebar/wiki/rebar</a>", []}, [], [{stream,<br>
> >> "./rebar"}])' -s init stop<br>
> >><br>
> >><br>
> >> {"init terminating in<br>
> >> do_boot",{{badmatch,{error,{failed_connect,[{to_address,{"<a href="http://github.com" target="_blank">github.com</a><br>
</span><span class="">> >> ",443}},{inet,[inet],{eoptions,{{{badmatch,<<0<br>
> >> bytes>>},[{ssl_handshake,dec_hello_extensions,2,[{file,"<br>
> >> ssl_handshake.erl"},{line,1737}]},{ssl_handshake,decode_<br>
> >> handshake,3,[{file,"ssl_handshake.erl"},{line,926}]},{<br>
> >> tls_handshake,get_tls_handshake_aux,3,[{file,"tls_<br>
> >> handshake.erl"},{line,155}]},{tls_connection,next_state,4,[{<br>
> >> file,"tls_connection.erl"},{line,433}]},{gen_fsm,handle_<br>
> >> msg,7,[{file,"gen_fsm.erl"},{line,503}]},{proc_lib,init_p_<br>
> >> do_apply,3,[{file,"proc_lib.erl"},{line,237}]}]},{gen_fsm,<br>
> >> sync_send_all_state_event,[<0.54.0>,{start,infinity},<br>
> >> infinity]}}}}]}}},[{erl_eval,expr,3,[]}]}}<br>
> >><br>
> >> I fed the ssl versions options to ssl option in httpc:<br>
> >><br>
> >> $ erl -noshell -s inets -s ssl -ssl protocol_versions '[tlsv1]' -eval<br>
> >> 'ok= httpc:request(get, {"<a href="https://github.com/rebar/rebar/wiki/rebar" target="_blank">https://github.com/rebar/rebar/wiki/rebar</a>",<br>
> >> []}, [{ssl, [ {versions, [tlsv1]} ]}], [{stream, "./rebar"}])' -s init<br>
> >> stop<br>
> >><br>
> >> and I get the same error.<br>
> >><br>
</span>> >> <a href="http://githum.com" target="_blank">githum.com</a> does not serves sslv3 connections<br>
> >> anymore, but <a href="http://google.com" target="_blank">google.com</a> does and I get the same<br>
<div><div class="h5">> >><br>
> >> error (more detailed) :<br>
> >><br>
> >> =ERROR REPORT==== 27-Nov-2014::14:36:42 ===<br>
> >> ** State machine <0.54.0> terminating<br>
> >> ** Last message in was {tcp,#Port<0.1310>,<br>
> >><br>
> >> <<22,3,1,0,93,2,0,0,89,3,1,84,119,26,218,49,140,<br>
> >><br>
> >> 143,214,55,227,58,228,149,69,14,208,108,222,237,<br>
> >><br>
> >> 222,62,130,116,69,128,135,31,62,197,66,236,180,<br>
> >><br>
> >> 32,177,252,205,17,16,73,136,136,192,180,178,231,<br>
> >><br>
> >> 184,31,16,165,117,167,10,94,112,148,137,123,19,<br>
> >><br>
> >> 218,177,209,242,30,105,160,192,7,0,0,17,0,0,0,0,<br>
> >><br>
> >> 255,1,0,1,0,0,11,0,4,3,0,1,2,22,3,1,14,78,11,0,<br>
> >><br>
> >> 14,74,0,14,71,0,6,201,48,130,6,197,48,130,5,173,<br>
> >><br>
> >> 160,3,2,1,2,2,8,37,174,101,117,232,1,104,64,48,<br>
> >><br>
> >> 13,6,9,42,134,72,134,247,13,1,1,5,5,0,48,73,49,<br>
> >><br>
> >> 11,48,9,6,3,85,4,6,19,2,85,83,49,19,48,17,6,3,<br>
> >><br>
> >> 85,4,10,19,10,71,111,111,103,108,101,32,73,110,<br>
> >><br>
> >> 99,49,37,48,35,6,3,85,4,3,19,28,71,111,111,103,<br>
> >><br>
> >> 108,101,32,73,110,116,101,114,110,101,116,32,65,<br>
> >><br>
> >> 117,116,104,111,114,105,116,121,32,71,50,48,30,<br>
> >><br>
> >> 23,13,49,52,49,49,50,48,48,57,50,57,49,52,90,23,<br>
> >> 13,49,53,48,50,49,56,48,48,48,<br>
> >> 48,48,48,90,48,<br>
> >><br>
> >> 102,49,11,48,9,6,3,85,4,6,19,2,85,83,49,19,48,<br>
> >><br>
> >> 17,6,3,85,4,8,12,10,67,97,108,105,102,111,114,<br>
> >><br>
> >> 110,105,97,49,22,48,20,6,3,85,4,7,12,13,77,111,<br>
> >><br>
> >> 117,110,116,97,105,110,32,86,105,101,119,49,19,<br>
> >><br>
> >> 48,17,6,3,85,4,10,12,10,71,111,111,103,108,101,<br>
> >><br>
> >> 32,73,110,99,49,21,48,19,6,3,85,4,3,12,12,42,46,<br>
> >><br>
> >> 103,111,111,103,108,101,46,99,111,109,48,89,48,<br>
> >><br>
> >> 19,6,7,42,134,72,206,61,2,1,6,8,42,134,72,206,<br>
> >><br>
> >> 61,3,1,7,3,66,0,4,239,17,2,30,58,209,122,37,213,<br>
> >><br>
> >> 224,230,99,232,174,177,189,137,205,210,61,217,<br>
> >><br>
> >> 56,170,25,54,178,25,237,226,204,35,216,210,186,<br>
> >> 50,69,44,117,245,182,108,110,<br>
> >> 144,22,136,1,44,<br>
> >><br>
> >> 223,216,101,244,211,3,91,5,143,64,182,1,108,149,<br>
> >><br>
> >> 202,14,212,163,130,4,93,48,130,4,89,48,29,6,3,<br>
> >><br>
> >> 85,29,37,4,22,48,20,6,8,43,6,1,5,5,7,3,1,6,8,43,<br>
> >><br>
> >> 6,1,5,5,7,3,2,48,130,3,38,6,3,85,29,17,4,130,3,<br>
> >><br>
> >> 29,48,130,3,25,130,12,42,46,103,111,111,103,108,<br>
> >><br>
> >> 101,46,99,111,109,130,13,42,46,97,110,100,114,<br>
> >><br>
> >> 111,105,100,46,99,111,109,130,22,42,46,97,112,<br>
> >><br>
> >> 112,101,110,103,105,110,101,46,103,111,111,103,<br>
> >><br>
> >> 108,101,46,99,111,109,130,18,42,46,99,108,111,<br>
> >> 117,100,46,103,111,111,103,<br>
> >> 108,101,46,99,111,<br>
> >><br>
> >> 109,130,22,42,46,103,111,111,103,108,101,45,97,<br>
> >><br>
> >> 110,97,108,121,116,105,99,115,46,99,111,109,130,<br>
> >><br>
> >> 11,42,46,103,111,111,103,108,101,46,99,97,130,<br>
> >><br>
> >> 11,42,46,103,111,111,103,108,101,46,99,108,130,<br>
> >><br>
> >> 14,42,46,103,111,111,103,108,101,46,99,111,46,<br>
> >><br>
> >> 105,110,130,14,42,46,103,111,111,103,108,101,46,<br>
> >><br>
> >> 99,111,46,106,112,130,14,42,46,103,111,111,103,<br>
> >><br>
> >> 108,101,46,99,111,46,117,107,130,15,42,46,103,<br>
> >><br>
> >> 111,111,103,108,101,46,99,111,109,46,97,114,130,<br>
> >><br>
> >> 15,42,46,103,111,111,103,108,101,46,99,111,109,<br>
> >><br>
> >> 46,97,117,130,15,42,46,103,111,111,103,108,101,<br>
> >> 46,99,111,109,46,98,114,130,<br>
> >> 15,42,46,103,111,<br>
> >><br>
> >> 111,103,108,101,46,99,111,109,46,99,111,130,15,<br>
> >><br>
> >> 42,46,103,111,111,103,108,101,46,99,111,109,46,<br>
> >><br>
> >> 109,120,130,15,42,46,103,111,111,103,108,101,46,<br>
> >><br>
> >> 99,111,109,46,116,114,130,15,42,46,103,111,111,<br>
> >><br>
> >> 103,108,101,46,99,111,109,46,118,110,130,11,42,<br>
> >><br>
> >> 46,103,111,111,103,108,101,46,100,101,130,11,42,<br>
> >><br>
> >> 46,103,111,111,103,108,101,46,101,115,130,11,42,<br>
> >><br>
> >> 46,103,111,111,103,108,101,46,102,114,130,11,42,<br>
> >><br>
> >> 46,103,111,111,103,108,101,46,104,117,130,11,42,<br>
> >><br>
> >> 46,103,111,111,103,108,101,46,105,116,130,11,42,<br>
> >><br>
> >> 46,103,111,111,103,108,101,46,110,108,130,11,42,<br>
> >><br>
> >> 46,103,111,111,103,108,101,46,112,108,130,11,42,<br>
> >><br>
> >> 46,103,111,111,103,108,101,46,112,116,130,18,42,<br>
> >> 46,103,111,111,103,108,101,97,<br>
> >> 100,97,112,105,<br>
> >><br>
> >> 115,46,99,111,109,130,15,42,46,103,111,111,103,<br>
> >><br>
> >> 108,101,97,112,105,115,46,99,110,130,20,42,46,<br>
> >><br>
> >> 103,111,111,103,108,101,99,111,109,109,101,114,<br>
> >><br>
> >> 99,101,46,99,111,109,130,17,42,46,103,111,111,<br>
> >><br>
> >> 103,108,101,118,105,100,101,111,46,99,111,109,<br>
> >> 130,12,42,46,103,115,116,97,<br>
> >> 116,105,99,46,99,<br>
> >><br>
> >> 110,130,13,42,46,103,115,116,97,116,105,99,46,<br>
> >> 99,111,109,130,10,42,46,103,<br>
> >> 118,116,49,46,99,<br>
> >><br>
> >> 111,109,130,10,42,46,103,118,116,50,46,99,111,<br>
> >><br>
> >> 109,130,20,42,46,109,101,116,114,105,99,46,103,<br>
> >><br>
> >> 115,116,97,116,105,99,46,99,111,109,130,12,42,<br>
> >><br>
> >> 46,117,114,99,104,105,110,46,99,111,109,130,16,<br>
> >><br>
> >> 42,46,117,114,108,46,103,111,111,103,108,101,46,<br>
> >><br>
> >> 99,111,109,130,22,42,46,121,111,117,116,117,98,<br>
> >><br>
> >> 101,45,110,111,99,111,111,107,105,101,46,99,111,<br>
> >><br>
> >> 109,130,13,42,46,121,111,117,116,117,98,101,46,<br>
> >><br>
> >> 99,111,109,130,22,42,46,121,111,117,116,117,98,<br>
> >><br>
> >> 101,101,100,117,99,97,116,105,111,110,46,99,111,<br>
> >><br>
> >> 109,130,11,42,46,121,116,105,109,103,46,99,111,<br>
> >><br>
> >> 109,130,11,97,110,100,114,111,105,100,46,99,111,<br>
> >> 109,130,4,103,46,99,111,130,6,<br>
> >> 103,111,111,46,<br>
> >> 103,108,130,20,103,111,111,<br>
> >> 103,108,101,45,97,<br>
> >><br>
> >> 110,97,108,121,116,105,99,115,46,99,111,109,130,<br>
> >><br>
> >> 10,103,111,111,103,108,101,46,99,111,109,130,18,<br>
> >><br>
> >> 103,111,111,103,108,101,99,111,109,109,101,114,<br>
> >><br>
> >> 99,101,46,99,111,109,130,10,117,114,99,104,105,<br>
> >><br>
> >> 110,46,99,111,109,130,8,121,111,117,116,117,46,<br>
> >><br>
> >> 98,101,130,11,121,111,117,116,117,98,101,46,99,<br>
> >><br>
> >> 111,109,130,20,121,111,117,116,117,98,101,101,<br>
> >><br>
> >> 100,117,99,97,116,105,111,110,46,99,111,109,48,<br>
> >><br>
> >> 11,6,3,85,29,15,4,4,3,2,7,128,48,104,6,8,43,6,1,<br>
> >><br>
> >> 5,5,7,1,1,4,92,48,90,48,43,6,8,43,6,1,5,5,7,48,<br>
> >><br>
> >> 2,134,31,104,116,116,112,58,47,47,112,107,105,<br>
> >><br>
> >> 46,103,111,111,103,108,101,46,99,111,109,47,71,<br>
> >><br>
> >> 73,65,71,50,46,99,114,116,48,43,6,8,43,6,1,5,5,<br>
> >><br>
> >> 7,48,1,134,31,104,116,116,112,58,47,47,99,108,<br>
> >><br>
> >> 105,101,110,116,115,49,46,103,111,111,103,108,<br>
> >><br>
> >> 101,46,99,111,109,47,111,99,115,112,48,29,6,3,<br>
> >><br>
> >> 85,29,14,4,22,4,20,94,50,174,238,148,244,84,157,<br>
> >><br>
> >> 175,208,233,225,119,147,54,144,110,147,101,106,<br>
> >> 48,12,6,3,85,29,19,1>>}<br>
> >> ** When State == hello<br>
> >> ** Data == [{data,<br>
> >> [{"StateData",<br>
> >> {state,client,<br>
> >> {#Ref<0.0.0.55>,<0.50.0>},<br>
> >><br>
> >> gen_tcp,tls_connection,tcp,tcp_closed,tcp_error,<br>
> >> "<a href="http://google.com" target="_blank">google.com</a><br>
</div></div><span class="">> >> ",443,#Port<0.1310>,<br>
> >><br>
> >> {ssl_options,tls,<br>
> >> [{3,1}],<br>
> >> verify_none,<br>
</span>> >> {#Fun,[]},<br>
> >><br>
> >> #Fun,false,false,undefined,1,<br>
<div><div class="h5">> >><br>
> >> <<>>,"***",<<>>,"***","***","***",<<>>,"***",<br>
> >> undefined,undefined,"***","***",<br>
> >> [<<"�\n">>,<br>
> >> <<192,20>>,<br>
> >> <<0,57>>,<br>
> >> <<0,56>>,<br>
> >> <<192,5>>,<br>
> >> <<192,15>>,<br>
> >> <<0,53>>,<br>
> >> <<"�\b">>,<br>
> >> <<192,18>>,<br>
> >> <<0,22>>,<br>
> >> <<0,19>>,<br>
> >> <<192,3>>,<br>
> >> <<"�\r">>,<br>
> >> <<0,10>>,<br>
> >> <<"�\t">>,<br>
> >> <<192,19>>,<br>
> >> <<0,51>>,<br>
> >> <<0,50>>,<br>
> >> <<192,4>>,<br>
> >> <<192,14>>,<br>
> >> <<0,47>>,<br>
> >> <<192,7>>,<br>
> >> <<192,17>>,<br>
> >> <<0,5>>,<br>
> >> <<0,4>>,<br>
> >> <<0,21>>,<br>
> >> <<192,2>>,<br>
> >> <<"�\f">>,<br>
> >> <<0,9>>],<br>
</div></div>> >> #Fun,true,<br>
> >> 268435456,false,<br>
> >> undefined,false,undefined,<br>
<div><div class="h5">> >> undefined,true,<br>
> >> undefined,false},<br>
> >> {socket_options,binary,0,0,0,false},<br>
> >> "***","***","***",12306,"***",24597,<br>
> >> ssl_session_cache,<br>
> >> {3,1},<br>
> >> false,undefined,<br>
> >> {undefined,undefined},<br>
> >><br>
> >> undefined,undefined,"***","***","***",undefined,<br>
> >><br>
> >> "***","***","***",16403,#Ref<0.0.0.57>,undefined,<br>
> >> "***",<br>
> >> {false,first},<br>
> >> {<0.50.0>,#Ref<0.0.0.54>},<br>
> >> undefined,<br>
> >> {[],[]},<br>
> >> false,true,false,false,undefined,undefined,<br>
> >> undefined}}]}]<br>
> >> ** Reason for termination =<br>
> >> ** {{badmatch,<<>>},<br>
> >> [{ssl_handshake,dec_hello_extensions,2,<br>
> >> [{file,"ssl_handshake.erl"},{line,1737}]},<br>
> >> {ssl_handshake,decode_handshake,3,<br>
> >> [{file,"ssl_handshake.erl"},{line,926}]},<br>
> >> {tls_handshake,get_tls_handshake_aux,3,<br>
> >> [{file,"tls_handshake.erl"},{line,155}]},<br>
> >><br>
> >> {tls_connection,next_state,4,[{file,"tls_connection.erl"},{line,433}]},<br>
> >> {gen_fsm,handle_msg,7,[{file,"gen_fsm.erl"},{line,503}]},<br>
> >> {proc_lib,init_p_do_apply,3,[{file,"proc_lib.erl"},{line,237}]}]}<br>
> >><br>
> >><br>
> >> why I cannot connect to a https site?<br>
> >><br>
> >> Bogdan<br>
> >><br>
> >><br>
> >><br>
> >> _______________________________________________<br>
> >> erlang-questions mailing list<br>
> >> <a href="mailto:erlang-questions@erlang.org">erlang-questions@erlang.org</a><br>
> >> <a href="http://erlang.org/mailman/listinfo/erlang-questions" target="_blank">http://erlang.org/mailman/listinfo/erlang-questions</a><br>
> >><br>
> >><br>
> > --<br>
> > Loïc Hoguin<br>
> > <a href="http://ninenines.eu" target="_blank">http://ninenines.eu</a><br>
> ><br>
> _______________________________________________<br>
> erlang-questions mailing list<br>
> <a href="mailto:erlang-questions@erlang.org">erlang-questions@erlang.org</a><br>
> <a href="http://erlang.org/mailman/listinfo/erlang-questions" target="_blank">http://erlang.org/mailman/listinfo/erlang-questions</a><br>
><br>
<br>
</div></div>—<br>
<span class="HOEnZb"><font color="#888888">Dave Cottlehuber<br>
<a href="mailto:dch@skunkwerks.at">dch@skunkwerks.at</a><br>
<a href="tel:%2B43%20688%2060%2056%2021%2044" value="+4368860562144">+43 688 60 56 21 44</a><br>
Sent from the Cloud<br>
<br>
<br>
</font></span></blockquote></div><br></div>