'new' SSL API crash

org.erlang@REDACTED org.erlang@REDACTED
Mon May 3 20:53:12 CEST 2010


Hello. Is the 'ssl_new' module known to be broken, currently?

I've tried using the 'old' ssl module but it seems to have no way to
actually fail SSL handshakes for non-verified connections and the like,
so I'm forced to use the new implementation.

However, I can't get it to do anything without crashing. I know the
certificates are valid as I've tested them using the openssl s_client
and s_server command line utilities.

Test program:

-module (sslserv_new).
-export ([start/0]).

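%% Options passed to ssl:listen/2 by start/0.
%%
%% Returns one flat list holding both the plain socket options and the SSL
%% options. All certificate and key paths are relative to the directory the
%% Erlang node was started in.
server_ssl_settings () -> [
  %% Socket options.
  {active,     false},
  {reuseaddr,  true},

  %% SSL options.
  {cacertfile,     "TEST_CA/ca-cert.pem"},
  {certfile,       "TEST_CA/hosts/pacifico_server/cert.pem"},
  %% Use a throwaway test key only: the crash report further down this page
  %% prints the decoded 'RSAPrivateKey' as part of the connection state.
  {keyfile,        "TEST_CA/hosts/pacifico_server/key.pem"},
  {ssl_imp,        new},
  %% On a server, verify_peer alone only requests a client certificate; a
  %% client that sends none still completes the handshake. Setting
  %% fail_if_no_peer_cert makes the handshake fail in that case, which is
  %% the behaviour this test server is meant to demonstrate.
  %% NOTE(review): the ssl_options tuple in the crash report on this page
  %% carries the atom verify_none even though verify_peer is requested
  %% here -- confirm that this ssl version honours both options.
  {verify,               verify_peer},
  {fail_if_no_peer_cert, true},
  {depth,          1},
  %% Passes on whatever ssl:cipher_suites/0 reports; the list is not
  %% narrowed here.
  {ciphers,        ssl:cipher_suites()},
  {reuse_sessions, false}
].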

%% Single-shot test server: listen on port 10000, accept one connection, run
%% the server side of the SSL handshake on it, report the outcome and close.
%%
%% Each step is announced on stdout before it runs, so the last line printed
%% names the call that was in progress when something went wrong. The listen
%% and accept results are matched against {ok, _}; anything else is a
%% badmatch.
start() ->
  io:format ("ssl:listen\n"),
  {ok, Listen_Socket} = ssl:listen (10000, server_ssl_settings ()),

  io:format ("ssl:transport_accept\n"),
  {ok, Peer_Socket} = ssl:transport_accept (Listen_Socket),

  %% ssl_accept/1 sets no handshake timeout (the trace on this page shows the
  %% underlying call being made with 'infinity'), so a silent peer blocks
  %% here. A failed handshake is not always returned as {error, Reason}: in
  %% the transcript on this page the connection process crashes and the
  %% caller receives an exit instead.
  io:format ("ssl:ssl_accept\n"),
  Handshake_Result = ssl:ssl_accept (Peer_Socket),
  case Handshake_Result of
    {error, Why} ->
      %% The accepted socket is not closed explicitly on this path.
      io:format ("ssl:ssl_accept: error ~w\n", [Why]);
    ok ->
      io:format ("ssl:ssl_accept: accepted\n"),
      io:format ("ssl:close\n"),
      ok = ssl:close (Peer_Socket)
  end,

  %% Finally release the listening socket.
  io:format ("ssl:close\n"),
  ok = ssl:close (Listen_Socket).

--

Erlang R13B03 (erts-5.7.4) [source] [64-bit] [smp:8:8] [rq:8] [async-threads:0] [hipe] [kernel-poll:false]
Eshell V5.7.4  (abort with ^G)

application:start (sasl),
application:start (crypto),
application:start (ssl),

--

1> ssl:versions().
[{ssl_app,"3.10.7"},
 {supported,[tlsv1,sslv3]},
 {available,[tlsv1,sslv3]}]
2> sslserv_new:start().
ssl:listen
ssl:transport_accept
ssl:ssl_accept

Then, on connecting with 'openssl s_client' and a known, verifiable test certificate, the server crashes:

** exception exit: {{function_clause,[{pubkey_cert,select_extension,
                                                   [{2,5,29,35},asn1_NOVALUE]},
                                      {pubkey_cert,issuer_id,2},
                                      {ssl_certificate,certificate_chain,4},
                                      {ssl_handshake,certificate,3},
                                      {ssl_connection,certify_server,1},
                                      {ssl_connection,server_certify_and_key_exchange,1},
                                      {ssl_connection,do_server_hello,2},
                                      {lists,foldl,3}]},
                    {gen_fsm,sync_send_all_state_event,
                             [<0.60.0>,started,infinity]}}
     in function  gen_fsm:sync_send_all_state_event/3
     in call from ssl:ssl_accept/2
     in call from sslserv_new:start/0
3> 
=ERROR REPORT==== 3-May-2010::15:57:29 ===
** State machine <0.60.0> terminating 
** Last event in was {ssl_tls,undefined,22,
                              {3,1},
                              <<1,0,0,133,3,1,0,93,0,0,0,32,0,0,57,0,0,56,0,0,
                                53,0,0,136,0,0,135,0,0,132,0,0,22,0,0,19,0,0,
                                10,7,0,192,0,0,51,0,0,50,0,0,47,0,0,69,0,0,68,
                                0,0,65,3,0,128,0,0,5,0,0,4,1,0,128,0,0,21,0,0,
                                18,0,0,9,6,0,64,0,0,20,0,0,17,0,0,8,0,0,6,4,0,
                                128,0,0,3,2,0,128,198,211,40,132,76,120,105,
                                20,171,188,10,216,42,133,0,122,173,212,152,
                                167,161,137,84,183,0,215,233,12,153,221,99,235>>} (for all states)
** When State == hello
**      Data  == {state,server,
                     {#Ref<0.0.0.70>,<0.35.0>},
                     gen_tcp,tcp,tcp_closed,"localhost",10000,#Port<0.1154>,
                     {ssl_options,[],verify_none,#Fun<ssl.2.46498989>,false,
                         false,1,"TEST_CA/hosts/pacifico_server/cert.pem",
                         "TEST_CA/hosts/pacifico_server/key.pem",undefined,
                         undefined,"TEST_CA/ca-cert.pem",
                         [<<0,10>>,<<0,47>>,<<0,5>>,<<0,4>>,<<0,9>>],
                         #Fun<ssl.0.78632910>,false,[]},
                     {socket_options,list,0,0,0,false},
                     {connection_states,
                         {connection_state,
                             {security_parameters,undefined,0,0,0,undefined,
                                 undefined,undefined,undefined,0,undefined,0,
                                 undefined,undefined,undefined,undefined},
                             undefined,undefined,undefined,1},
                         {connection_state,
                             {security_parameters,undefined,0,undefined,
                                 undefined,undefined,undefined,undefined,
                                 undefined,undefined,undefined,undefined,
                                 undefined,undefined,
                                 <<75,222,242,105,194,191,18,141,171,244,247,
                                   203,234,237,111,11,152,119,181,103,91,155,
                                   92,85,84,17,57,121,20,164,73,110>>,
                                 undefined},
                             undefined,undefined,undefined,undefined},
                         {connection_state,
                             {security_parameters,undefined,0,0,0,undefined,
                                 undefined,undefined,undefined,0,undefined,0,
                                 undefined,undefined,undefined,undefined},
                             undefined,undefined,undefined,0},
                         {connection_state,
                             {security_parameters,undefined,0,undefined,
                                 undefined,undefined,undefined,undefined,
                                 undefined,undefined,undefined,undefined,
                                 undefined,undefined,
                                 <<75,222,242,105,194,191,18,141,171,244,247,
                                   203,234,237,111,11,152,119,181,103,91,155,
                                   92,85,84,17,57,121,20,164,73,110>>,
                                 undefined},
                             undefined,undefined,undefined,undefined}},
                     <<>>,<<>>,
                     {{<<1,35,69,103,137,171,205,239,254,220,186,152,118,84,50,
                         16,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,112,125,116,1,8,0,
                         0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
                         98,101,97,109,0,0,0,0,113,0,0,0,0,0,0,0,3,0,0,0,0,0,0,
                         0,0,0,0,0>>,
                       <<1,35,69,103,137,171,205,239,254,220,186,152,118,84,
                         50,16,240,225,210,195,0,0,0,0,0,0,0,0,121,110,116,97,
                         120,95,116,111,111,108,115,45,49,46,54,46,52,47,101,
                         98,105,110,47,115,115,108,95,104,97,110,100,115,104,
                         97,107,101,46,98,101,97,109,0,0,0,193,1,0,0,0,0,0,0,
                         185,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0>>},
                      {<<1,35,69,103,137,171,205,239,254,220,186,152,118,84,50,
                         16,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,112,125,116,1,8,0,
                         0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
                         98,101,97,109,0,0,0,0,113,0,0,0,0,0,0,0,3,0,0,0,0,0,0,
                         0,0,0,0,0>>,
                       <<1,35,69,103,137,171,205,239,254,220,186,152,118,84,
                         50,16,240,225,210,195,0,0,0,0,0,0,0,0,121,110,116,
                         97,120,95,116,111,111,108,115,45,49,46,54,46,52,47,
                         101,98,105,110,47,115,115,108,95,104,97,110,100,115,
                         104,97,107,101,46,98,101,97,109,0,0,0,193,1,0,0,0,0,
                         0,0,185,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0>>}},
                     [],
                     <<48,130,3,93,48,130,2,69,2,1,1,48,13,6,9,42,134,72,134,
                       247,13,1,1,5,5,0,48,129,136,49,17,48,15,6,3,85,4,10,19,
                       8,80,65,67,73,70,73,67,79,49,20,48,18,6,3,85,4,11,20,11,
                       112,97,99,105,102,105,99,111,95,99,97,49,36,48,34,6,9,
                       42,134,72,134,247,13,1,9,1,22,21,112,97,99,105,102,105,
                       99,111,95,99,97,64,108,111,99,97,108,104,111,115,116,49,
                       10,48,8,6,3,85,4,7,19,1,46,49,10,48,8,6,3,85,4,8,19,1,
                       46,49,11,48,9,6,3,85,4,6,19,2,90,90,49,18,48,16,6,3,85,
                       4,3,19,9,108,111,99,97,108,104,111,115,116,48,30,23,13,
                       49,48,48,53,48,50,49,51,52,57,52,51,90,23,13,50,48,48,
                       52,50,57,49,51,52,57,52,51,90,48,96,49,11,48,9,6,3,85,4,
                       6,19,2,90,90,49,10,48,8,6,3,85,4,8,19,1,46,49,17,48,15,
                       6,3,85,4,10,19,8,80,65,67,73,70,73,67,79,49,24,48,22,6,
                       3,85,4,11,20,15,112,97,99,105,102,105,99,111,95,115,101,
                       114,118,101,114,49,24,48,22,6,3,85,4,3,20,15,112,97,99,
                       105,102,105,99,111,95,115,101,114,118,101,114,48,130,1,
                       34,48,13,6,9,42,134,72,134,247,13,1,1,1,5,0,3,130,1,15,
                       0,48,130,1,10,2,130,1,1,0,240,234,138,84,118,47,107,232,
                       150,182,200,67,1,35,15,48,208,88,231,11,213,21,249,110,
                       226,145,33,249,255,250,114,58,255,247,130,249,140,60,
                       108,201,2,98,26,254,16,213,173,238,140,201,39,75,7,97,
                       209,120,94,80,69,11,72,117,162,83,84,194,57,232,106,19,
                       2,196,52,255,102,220,178,30,82,85,10,96,118,20,104,238,
                       54,214,183,157,110,205,247,220,236,34,209,225,95,113,
                       244,195,193,56,177,196,204,248,203,210,172,236,124,75,
                       60,246,172,183,76,9,253,155,20,101,63,66,12,109,213,186,
                       167,95,2,197,100,120,22,94,247,229,2,22,95,54,216,42,78,
                       230,204,144,123,218,153,113,128,155,236,88,228,171,169,
                       59,165,2,122,196,149,208,179,249,5,86,38,39,217,79,193,
                       7,121,41,193,201,3,43,109,225,62,195,67,173,248,3,245,
                       81,210,197,193,236,3,91,150,57,142,97,34,18,138,104,212,
                       252,188,6,165,221,221,243,166,115,40,247,179,191,163,
                       127,190,211,153,161,229,113,220,178,216,48,240,116,133,
                       103,20,107,225,88,214,163,63,233,4,175,50,61,6,22,240,
                       78,107,145,2,3,1,0,1,48,13,6,9,42,134,72,134,247,13,1,1,
                       5,5,0,3,130,1,1,0,103,56,251,221,227,238,147,176,66,136,
                       67,183,114,184,232,52,77,105,35,127,218,87,140,246,244,
                       131,178,205,126,183,13,38,12,90,3,172,190,31,142,5,170,
                       202,43,229,222,118,97,167,201,150,182,54,41,67,173,234,
                       202,139,219,152,255,34,15,191,247,240,37,69,210,46,137,
                       148,86,105,182,112,77,238,106,8,115,135,239,117,148,12,
                       71,65,61,149,149,238,4,8,48,118,236,135,158,183,156,215,
                       132,122,46,139,35,81,172,60,217,218,157,198,183,10,142,
                       41,67,186,92,144,238,232,144,223,150,33,7,141,63,164,
                       230,173,145,48,36,152,147,32,83,156,37,23,191,250,58,51,
                       26,228,110,156,248,226,26,247,42,10,180,228,98,202,249,
                       31,223,122,26,83,94,47,134,135,202,150,140,201,178,178,
                       137,77,116,240,36,174,17,44,221,75,61,53,196,213,107,79,
                       230,160,158,202,223,113,180,19,11,255,19,247,161,211,
                       221,185,204,232,155,16,207,175,83,7,237,175,220,121,90,
                       170,96,198,200,43,146,250,75,86,97,65,60,250,211,255,
                       104,133,172,217,210,30,144,86,10,90,96,157,85,79,59,249,
                       206,138>>,
                     {session,undefined,undefined,undefined,undefined,
                         undefined,false,undefined},
                     20499,ssl_session_cache,undefined,undefined,false,
                     undefined,undefined,
                     {'RSAPrivateKey','two-prime',
                         30412849349635586059878763176680338042806370928303169072580788733024438138591624114344661613699569307282187776490585714522517050565529617950655734681469324828571314711428867434319920530980711392758700590981596083356704738486321722811445451684075618202284684847604912244382636109829288466866694913244559971697849183994297490539908862341588923396172960090070282527346558060132865021448687169667310568206513992904712186265982889729037153800223846493957161193620543020688239671219777230989849538520312806141702778165525520364118176466217430310054602386812099554335308017341261109213665732076271625040081260558423830719377,
                         65537,
                         15199231804150546259658042484791966551963578848813856243560714914822915640833292103958537953118116384964424618816792863691594075974988046092098009948916868274565455708125634299346634071611627633962886925804052924579735878963676936497600941132620179791254257637877896314147191365262961154085247394502328039931767245176290407517156245147167225384726350170243685109653662879990481102526168621741076751484642682168826381020813101510533444174790316691177259394914972358200408962095948054841259799747816506752270496315220170738960924479086469481940145231690103702610522190880399648129761477972116477505211965989493531309937,
                         176191409302436409962613455746475864610360333729834662591534394409663736050830385559280211933901474704302550960882948381498437634097559237504384892632519298195621737913663090630551501287500290638791916696994910572811737440764017948768162498168387518624603640493626338734757174408297008712871342547046062968773,
                         172612555118571442807091000766318626155131399021717029980434951225715253087609998682422104752170804119306391847675331885937326037489735337859546704781797012286523769446860097366850215779124291431114338493212796775116102030799794358724497530713924646525414698841688697157985955712166061805209593917296689331549,
                         115903444433627393782263321545723293331734054164222225210892027584256572449507905186866785127399184849045448785046396243696852820257472478863680691688255061778989645008679725395796822001414659353031068139231954233716215642251222085345576111525329549764925342157273276401618189772044808880926946913777711318945,
                         160346862926570173155556405185673405256944925346630648110363303639494401757384328238794234360928308509443110543455974567280534799615104252084916968843795140271961900665652116021390071816425635325483939262810245627188737532006217565026586655932736202152482519271281991592202648637512700347912783277919685772993,
                         153756145373284063246387226074130484888653092242571108769579800148375684177761146700330667363028796981671449245310468559005581499287242595226649317375919855635375141187450874362896818902873290546399632649342407712407283763334294537805123192425374231179698233819636663246910878178808591809105825780945571002589,
                         asn1_NOVALUE},
                     undefined,undefined,#Ref<0.0.0.73>,
                     {<0.35.0>,#Ref<0.0.0.80>},
                     0,<<>>,true}
** Reason for termination = 
** {function_clause,[{pubkey_cert,select_extension,[{2,5,29,35},asn1_NOVALUE]},
                     {pubkey_cert,issuer_id,2},
                     {ssl_certificate,certificate_chain,4},
                     {ssl_handshake,certificate,3},
                     {ssl_connection,certify_server,1},
                     {ssl_connection,server_certify_and_key_exchange,1},
                     {ssl_connection,do_server_hello,2},
                     {lists,foldl,3}]}

=CRASH REPORT==== 3-May-2010::15:57:29 ===
  crasher:
    initial call: ssl_connection:init/1
    pid: <0.60.0>
    registered_name: []
    exception exit: {function_clause,
                        [{pubkey_cert,select_extension,
                             [{2,5,29,35},asn1_NOVALUE]},
                         {pubkey_cert,issuer_id,2},
                         {ssl_certificate,certificate_chain,4},
                         {ssl_handshake,certificate,3},
                         {ssl_connection,certify_server,1},
                         {ssl_connection,server_certify_and_key_exchange,1},
                         {ssl_connection,do_server_hello,2},
                         {lists,foldl,3}]}
      in function  gen_fsm:terminate/7
    ancestors: [ssl_connection_sup,ssl_sup,<0.50.0>]
    messages: []
    links: [<0.54.0>]
    dictionary: []
    trap_exit: false
    status: running
    heap_size: 610
    stack_size: 24
    reductions: 1822
  neighbours:

=SUPERVISOR REPORT==== 3-May-2010::15:57:29 ===
     Supervisor: {local,ssl_connection_sup}
     Context:    child_terminated
     Reason:     {function_clause,
                     [{pubkey_cert,select_extension,
                          [{2,5,29,35},asn1_NOVALUE]},
                      {pubkey_cert,issuer_id,2},
                      {ssl_certificate,certificate_chain,4},
                      {ssl_handshake,certificate,3},
                      {ssl_connection,certify_server,1},
                      {ssl_connection,server_certify_and_key_exchange,1},
                      {ssl_connection,do_server_hello,2},
                      {lists,foldl,3}]}
     Offender:   [{pid,<0.60.0>},
                  {name,undefined},
                  {mfa,
                      {ssl_connection,start_link,
                          [server,"localhost",10000,#Port<0.1154>,
                           {{ssl_options,[],verify_none,#Fun<ssl.2.46498989>,
                                false,false,1,
                                "TEST_CA/hosts/pacifico_server/cert.pem",
                                "TEST_CA/hosts/pacifico_server/key.pem",
                                undefined,[],"TEST_CA/ca-cert.pem",
                                [<<0,10>>,<<0,47>>,<<0,5>>,<<0,4>>,<<0,9>>],
                                #Fun<ssl.0.78632910>,false,[]},
                            {socket_options,list,0,0,0,false}},
                           <0.35.0>,
                           {gen_tcp,tcp,tcp_closed}]}},
                  {restart_type,temporary},
                  {shutdown,4000},
                  {child_type,worker}]

Any ideas what might be going on?

Regards,
M


