[erlang-questions] Still problems with new SSL?

Ingela Andin ingela@REDACTED
Tue Jul 13 22:53:56 CEST 2010 

Hi!

I have tested this with different openssl servers both with and
without secure renegotiation and it works fine.
I rather suspect that you  have the same problem as disucssed  by the
thread  "New SSL related observation / question"
e.i. that the padding is incorrect.  I get the same error as you with
the goggle server when trying it from home.
(Behinde a firewall at work).

Regards Ingela Erlang OTP/Team, Ericsson AB


2010/7/11 Steve Davis <steven.charles.davis@REDACTED>:
> Can anyone make the code below (specifically against https://www.google.com)
> work for
>
> ssltest:run(new)?
>
> I'm using the key.pem and cert.pem copied from ERLANG_HOME/lib/ssl-4.0/
> examples/certs/etc/client
>
> My results are:
> 2> ssltest:run(old).
> {ok,<<"HTTP/1.1 200 OK\r\nDate: Sun, 11 Jul 2010 16:20:13 GMT\r
> \nExpires: -1\r\nCache-Control: private, max-age=0\r\nConten"...>>}
> 3> ssltest:run(new).
>
> =ERROR REPORT==== 11-Jul-2010::11:20:17 ===
> SSL: decipher_error: ./ssl_record.erl:680:Fatal error: bad record mac
> {error,"bad record mac"}
> 4>
>
> ----- module ssltest.erl ------
> -module(ssltest).
>
> -export([run/1]).
>
> -define(HOST, "www.google.com").
> -define(PORT, 443).
> -define(REQUEST,
>        <<"GET / HTTP/1.1\r\n",
>        "Connection: close\r\n",
>        "User-Agent: Mozilla/5.0 (Windows NT 5.1; en-US) Test/1.0.0\r\n",
>        "Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/
> plain;q=0.8,image/png,*/*;q=0.5\r\n",
>        "Accept-Language: en-US,en;q=0.8\r\n",
>        "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3\r\n",
>        "\r\n">>).
>
> run(Impl) when Impl =:= old; Impl =:= new ->
>        Opts = [binary, {ip, {0, 0, 0, 0}}, {active, false}, {packet, 0},
>                {ssl_imp, Impl}, {verify, 0}, {depth, 1},
>                {keyfile, "./key.pem"},
>                {certfile, "./cert.pem"}],
>        ssl:start(),
>        {ok, Socket} = ssl:connect(?HOST, ?PORT, Opts),
>        ok = ssl:send(Socket, ?REQUEST),
>        catch ssl:recv(Socket, 0, 10000).
>
> ________________________________________________________________
> erlang-questions (at) erlang.org mailing list.
> See http://www.erlang.org/faq.html
> To unsubscribe; mailto:erlang-questions-unsubscribe@REDACTED
>
>

More information about the erlang-questions mailing list