[erlang-questions] 'new' SSL API crash

Brady McCary brady.mccary@REDACTED
Mon May 3 21:26:17 CEST 2010


M,

I think you have just disclosed a private encryption key on this list.
Hopefully it is a dummy key.

Brady

On Mon, May 3, 2010 at 1:53 PM,  <org.erlang@REDACTED> wrote:
> Hello. Is the 'ssl_new' module known to be broken, currently?
>
> I've tried using the 'old' ssl module but it seems to have no way to
> actually fail SSL handshakes for non-verified connections and the like,
> so I'm forced to use the new implementation.
>
> However, I can't get it to do anything without crashing. I know the
> certificates are valid as I've tested them using the openssl s_client
> and s_server command line utilities.
>
> Test program:
>
> -module (sslserv_new).
> -export ([start/0]).
>
> server_ssl_settings () -> [
>  %% Socket options.
>  {active,     false},
>  {reuseaddr,  true},
>
>  %% SSL options.
>  {cacertfile,     "TEST_CA/ca-cert.pem"},
>  {certfile,       "TEST_CA/hosts/pacifico_server/cert.pem"},
>  {keyfile,        "TEST_CA/hosts/pacifico_server/key.pem"},
>  {ssl_imp,        new},
>  {verify,         verify_peer},
>  {depth,          1},
>  {ciphers,        ssl:cipher_suites()},
>  {reuse_sessions, false}
> ].
>
> start() ->
>  io:format ("ssl:listen\n"),
>  {ok, Socket} = ssl:listen (10000, server_ssl_settings ()),
>
>  io:format ("ssl:transport_accept\n"),
>  {ok, Client_Socket} = ssl:transport_accept (Socket),
>
>  io:format ("ssl:ssl_accept\n"),
>  case ssl:ssl_accept (Client_Socket) of
>    ok ->
>      io:format ("ssl:ssl_accept: accepted\n"),
>      io:format ("ssl:close\n"),
>      ok = ssl:close (Client_Socket);
>    {error, Reason} ->
>      io:format ("ssl:ssl_accept: error ~w\n", [Reason])
>  end,
>
>  io:format ("ssl:close\n"),
>  ok = ssl:close (Socket).
>
> --
>
> Erlang R13B03 (erts-5.7.4) [source] [64-bit] [smp:8:8] [rq:8] [async-threads:0] [hipe] [kernel-poll:false]
> Eshell V5.7.4  (abort with ^G)
>
> application:start (sasl),
> application:start (crypto),
> application:start (ssl),
>
> --
>
> 1> ssl:versions().
> [{ssl_app,"3.10.7"},
>  {supported,[tlsv1,sslv3]},
>  {available,[tlsv1,sslv3]}]
> 2> sslserv_new:start().
> ssl:listen
> ssl:transport_accept
> ssl:ssl_accept
>
> Then, connecting using 'openssl s_client' using a known, verifiable test certificate:
>
> ** exception exit: {{function_clause,[{pubkey_cert,select_extension,
>                                                   [{2,5,29,35},asn1_NOVALUE]},
>                                      {pubkey_cert,issuer_id,2},
>                                      {ssl_certificate,certificate_chain,4},
>                                      {ssl_handshake,certificate,3},
>                                      {ssl_connection,certify_server,1},
>                                      {ssl_connection,server_certify_and_key_exchange,1},
>                                      {ssl_connection,do_server_hello,2},
>                                      {lists,foldl,3}]},
>                    {gen_fsm,sync_send_all_state_event,
>                             [<0.60.0>,started,infinity]}}
>     in function  gen_fsm:sync_send_all_state_event/3
>     in call from ssl:ssl_accept/2
>     in call from sslserv_new:start/0
> 3>
> =ERROR REPORT==== 3-May-2010::15:57:29 ===
> ** State machine <0.60.0> terminating
> ** Last event in was {ssl_tls,undefined,22,
>                              {3,1},
>                              <<1,0,0,133,3,1,0,93,0,0,0,32,0,0,57,0,0,56,0,0,
>                                53,0,0,136,0,0,135,0,0,132,0,0,22,0,0,19,0,0,
>                                10,7,0,192,0,0,51,0,0,50,0,0,47,0,0,69,0,0,68,
>                                0,0,65,3,0,128,0,0,5,0,0,4,1,0,128,0,0,21,0,0,
>                                18,0,0,9,6,0,64,0,0,20,0,0,17,0,0,8,0,0,6,4,0,
>                                128,0,0,3,2,0,128,198,211,40,132,76,120,105,
>                                20,171,188,10,216,42,133,0,122,173,212,152,
>                                167,161,137,84,183,0,215,233,12,153,221,99,235>>} (for all states)
> ** When State == hello
> **      Data  == {state,server,
>                     {#Ref<0.0.0.70>,<0.35.0>},
>                     gen_tcp,tcp,tcp_closed,"localhost",10000,#Port<0.1154>,
>                     {ssl_options,[],verify_none,#Fun<ssl.2.46498989>,false,
>                         false,1,"TEST_CA/hosts/pacifico_server/cert.pem",
>                         "TEST_CA/hosts/pacifico_server/key.pem",undefined,
>                         undefined,"TEST_CA/ca-cert.pem",
>                         [<<0,10>>,<<0,47>>,<<0,5>>,<<0,4>>,<<0,9>>],
>                         #Fun<ssl.0.78632910>,false,[]},
>                     {socket_options,list,0,0,0,false},
>                     {connection_states,
>                         {connection_state,
>                             {security_parameters,undefined,0,0,0,undefined,
>                                 undefined,undefined,undefined,0,undefined,0,
>                                 undefined,undefined,undefined,undefined},
>                             undefined,undefined,undefined,1},
>                         {connection_state,
>                             {security_parameters,undefined,0,undefined,
>                                 undefined,undefined,undefined,undefined,
>                                 undefined,undefined,undefined,undefined,
>                                 undefined,undefined,
>                                 <<75,222,242,105,194,191,18,141,171,244,247,
>                                   203,234,237,111,11,152,119,181,103,91,155,
>                                   92,85,84,17,57,121,20,164,73,110>>,
>                                 undefined},
>                             undefined,undefined,undefined,undefined},
>                         {connection_state,
>                             {security_parameters,undefined,0,0,0,undefined,
>                                 undefined,undefined,undefined,0,undefined,0,
>                                 undefined,undefined,undefined,undefined},
>                             undefined,undefined,undefined,0},
>                         {connection_state,
>                             {security_parameters,undefined,0,undefined,
>                                 undefined,undefined,undefined,undefined,
>                                 undefined,undefined,undefined,undefined,
>                                 undefined,undefined,
>                                 <<75,222,242,105,194,191,18,141,171,244,247,
>                                   203,234,237,111,11,152,119,181,103,91,155,
>                                   92,85,84,17,57,121,20,164,73,110>>,
>                                 undefined},
>                             undefined,undefined,undefined,undefined}},
>                     <<>>,<<>>,
>                     {{<<1,35,69,103,137,171,205,239,254,220,186,152,118,84,50,
>                         16,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,112,125,116,1,8,0,
>                         0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
>                         98,101,97,109,0,0,0,0,113,0,0,0,0,0,0,0,3,0,0,0,0,0,0,
>                         0,0,0,0,0>>,
>                       <<1,35,69,103,137,171,205,239,254,220,186,152,118,84,
>                         50,16,240,225,210,195,0,0,0,0,0,0,0,0,121,110,116,97,
>                         120,95,116,111,111,108,115,45,49,46,54,46,52,47,101,
>                         98,105,110,47,115,115,108,95,104,97,110,100,115,104,
>                         97,107,101,46,98,101,97,109,0,0,0,193,1,0,0,0,0,0,0,
>                         185,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0>>},
>                      {<<1,35,69,103,137,171,205,239,254,220,186,152,118,84,50,
>                         16,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,112,125,116,1,8,0,
>                         0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
>                         98,101,97,109,0,0,0,0,113,0,0,0,0,0,0,0,3,0,0,0,0,0,0,
>                         0,0,0,0,0>>,
>                       <<1,35,69,103,137,171,205,239,254,220,186,152,118,84,
>                         50,16,240,225,210,195,0,0,0,0,0,0,0,0,121,110,116,
>                         97,120,95,116,111,111,108,115,45,49,46,54,46,52,47,
>                         101,98,105,110,47,115,115,108,95,104,97,110,100,115,
>                         104,97,107,101,46,98,101,97,109,0,0,0,193,1,0,0,0,0,
>                         0,0,185,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0>>}},
>                     [],
>                     <<48,130,3,93,48,130,2,69,2,1,1,48,13,6,9,42,134,72,134,
>                       247,13,1,1,5,5,0,48,129,136,49,17,48,15,6,3,85,4,10,19,
>                       8,80,65,67,73,70,73,67,79,49,20,48,18,6,3,85,4,11,20,11,
>                       112,97,99,105,102,105,99,111,95,99,97,49,36,48,34,6,9,
>                       42,134,72,134,247,13,1,9,1,22,21,112,97,99,105,102,105,
>                       99,111,95,99,97,64,108,111,99,97,108,104,111,115,116,49,
>                       10,48,8,6,3,85,4,7,19,1,46,49,10,48,8,6,3,85,4,8,19,1,
>                       46,49,11,48,9,6,3,85,4,6,19,2,90,90,49,18,48,16,6,3,85,
>                       4,3,19,9,108,111,99,97,108,104,111,115,116,48,30,23,13,
>                       49,48,48,53,48,50,49,51,52,57,52,51,90,23,13,50,48,48,
>                       52,50,57,49,51,52,57,52,51,90,48,96,49,11,48,9,6,3,85,4,
>                       6,19,2,90,90,49,10,48,8,6,3,85,4,8,19,1,46,49,17,48,15,
>                       6,3,85,4,10,19,8,80,65,67,73,70,73,67,79,49,24,48,22,6,
>                       3,85,4,11,20,15,112,97,99,105,102,105,99,111,95,115,101,
>                       114,118,101,114,49,24,48,22,6,3,85,4,3,20,15,112,97,99,
>                       105,102,105,99,111,95,115,101,114,118,101,114,48,130,1,
>                       34,48,13,6,9,42,134,72,134,247,13,1,1,1,5,0,3,130,1,15,
>                       0,48,130,1,10,2,130,1,1,0,240,234,138,84,118,47,107,232,
>                       150,182,200,67,1,35,15,48,208,88,231,11,213,21,249,110,
>                       226,145,33,249,255,250,114,58,255,247,130,249,140,60,
>                       108,201,2,98,26,254,16,213,173,238,140,201,39,75,7,97,
>                       209,120,94,80,69,11,72,117,162,83,84,194,57,232,106,19,
>                       2,196,52,255,102,220,178,30,82,85,10,96,118,20,104,238,
>                       54,214,183,157,110,205,247,220,236,34,209,225,95,113,
>                       244,195,193,56,177,196,204,248,203,210,172,236,124,75,
>                       60,246,172,183,76,9,253,155,20,101,63,66,12,109,213,186,
>                       167,95,2,197,100,120,22,94,247,229,2,22,95,54,216,42,78,
>                       230,204,144,123,218,153,113,128,155,236,88,228,171,169,
>                       59,165,2,122,196,149,208,179,249,5,86,38,39,217,79,193,
>                       7,121,41,193,201,3,43,109,225,62,195,67,173,248,3,245,
>                       81,210,197,193,236,3,91,150,57,142,97,34,18,138,104,212,
>                       252,188,6,165,221,221,243,166,115,40,247,179,191,163,
>                       127,190,211,153,161,229,113,220,178,216,48,240,116,133,
>                       103,20,107,225,88,214,163,63,233,4,175,50,61,6,22,240,
>                       78,107,145,2,3,1,0,1,48,13,6,9,42,134,72,134,247,13,1,1,
>                       5,5,0,3,130,1,1,0,103,56,251,221,227,238,147,176,66,136,
>                       67,183,114,184,232,52,77,105,35,127,218,87,140,246,244,
>                       131,178,205,126,183,13,38,12,90,3,172,190,31,142,5,170,
>                       202,43,229,222,118,97,167,201,150,182,54,41,67,173,234,
>                       202,139,219,152,255,34,15,191,247,240,37,69,210,46,137,
>                       148,86,105,182,112,77,238,106,8,115,135,239,117,148,12,
>                       71,65,61,149,149,238,4,8,48,118,236,135,158,183,156,215,
>                       132,122,46,139,35,81,172,60,217,218,157,198,183,10,142,
>                       41,67,186,92,144,238,232,144,223,150,33,7,141,63,164,
>                       230,173,145,48,36,152,147,32,83,156,37,23,191,250,58,51,
>                       26,228,110,156,248,226,26,247,42,10,180,228,98,202,249,
>                       31,223,122,26,83,94,47,134,135,202,150,140,201,178,178,
>                       137,77,116,240,36,174,17,44,221,75,61,53,196,213,107,79,
>                       230,160,158,202,223,113,180,19,11,255,19,247,161,211,
>                       221,185,204,232,155,16,207,175,83,7,237,175,220,121,90,
>                       170,96,198,200,43,146,250,75,86,97,65,60,250,211,255,
>                       104,133,172,217,210,30,144,86,10,90,96,157,85,79,59,249,
>                       206,138>>,
>                     {session,undefined,undefined,undefined,undefined,
>                         undefined,false,undefined},
>                     20499,ssl_session_cache,undefined,undefined,false,
>                     undefined,undefined,
>                     {'RSAPrivateKey','two-prime',
>                         30412849349635586059878763176680338042806370928303169072580788733024438138591624114344661613699569307282187776490585714522517050565529617950655734681469324828571314711428867434319920530980711392758700590981596083356704738486321722811445451684075618202284684847604912244382636109829288466866694913244559971697849183994297490539908862341588923396172960090070282527346558060132865021448687169667310568206513992904712186265982889729037153800223846493957161193620543020688239671219777230989849538520312806141702778165525520364118176466217430310054602386812099554335308017341261109213665732076271625040081260558423830719377,
>                         65537,
>                         15199231804150546259658042484791966551963578848813856243560714914822915640833292103958537953118116384964424618816792863691594075974988046092098009948916868274565455708125634299346634071611627633962886925804052924579735878963676936497600941132620179791254257637877896314147191365262961154085247394502328039931767245176290407517156245147167225384726350170243685109653662879990481102526168621741076751484642682168826381020813101510533444174790316691177259394914972358200408962095948054841259799747816506752270496315220170738960924479086469481940145231690103702610522190880399648129761477972116477505211965989493531309937,
>                         176191409302436409962613455746475864610360333729834662591534394409663736050830385559280211933901474704302550960882948381498437634097559237504384892632519298195621737913663090630551501287500290638791916696994910572811737440764017948768162498168387518624603640493626338734757174408297008712871342547046062968773,
>                         172612555118571442807091000766318626155131399021717029980434951225715253087609998682422104752170804119306391847675331885937326037489735337859546704781797012286523769446860097366850215779124291431114338493212796775116102030799794358724497530713924646525414698841688697157985955712166061805209593917296689331549,
>                         115903444433627393782263321545723293331734054164222225210892027584256572449507905186866785127399184849045448785046396243696852820257472478863680691688255061778989645008679725395796822001414659353031068139231954233716215642251222085345576111525329549764925342157273276401618189772044808880926946913777711318945,
>                         160346862926570173155556405185673405256944925346630648110363303639494401757384328238794234360928308509443110543455974567280534799615104252084916968843795140271961900665652116021390071816425635325483939262810245627188737532006217565026586655932736202152482519271281991592202648637512700347912783277919685772993,
>                         153756145373284063246387226074130484888653092242571108769579800148375684177761146700330667363028796981671449245310468559005581499287242595226649317375919855635375141187450874362896818902873290546399632649342407712407283763334294537805123192425374231179698233819636663246910878178808591809105825780945571002589,
>                         asn1_NOVALUE},
>                     undefined,undefined,#Ref<0.0.0.73>,
>                     {<0.35.0>,#Ref<0.0.0.80>},
>                     0,<<>>,true}
> ** Reason for termination =
> ** {function_clause,[{pubkey_cert,select_extension,[{2,5,29,35},asn1_NOVALUE]},
>                     {pubkey_cert,issuer_id,2},
>                     {ssl_certificate,certificate_chain,4},
>                     {ssl_handshake,certificate,3},
>                     {ssl_connection,certify_server,1},
>                     {ssl_connection,server_certify_and_key_exchange,1},
>                     {ssl_connection,do_server_hello,2},
>                     {lists,foldl,3}]}
>
> =CRASH REPORT==== 3-May-2010::15:57:29 ===
>  crasher:
>    initial call: ssl_connection:init/1
>    pid: <0.60.0>
>    registered_name: []
>    exception exit: {function_clause,
>                        [{pubkey_cert,select_extension,
>                             [{2,5,29,35},asn1_NOVALUE]},
>                         {pubkey_cert,issuer_id,2},
>                         {ssl_certificate,certificate_chain,4},
>                         {ssl_handshake,certificate,3},
>                         {ssl_connection,certify_server,1},
>                         {ssl_connection,server_certify_and_key_exchange,1},
>                         {ssl_connection,do_server_hello,2},
>                         {lists,foldl,3}]}
>      in function  gen_fsm:terminate/7
>    ancestors: [ssl_connection_sup,ssl_sup,<0.50.0>]
>    messages: []
>    links: [<0.54.0>]
>    dictionary: []
>    trap_exit: false
>    status: running
>    heap_size: 610
>    stack_size: 24
>    reductions: 1822
>  neighbours:
>
> =SUPERVISOR REPORT==== 3-May-2010::15:57:29 ===
>     Supervisor: {local,ssl_connection_sup}
>     Context:    child_terminated
>     Reason:     {function_clause,
>                     [{pubkey_cert,select_extension,
>                          [{2,5,29,35},asn1_NOVALUE]},
>                      {pubkey_cert,issuer_id,2},
>                      {ssl_certificate,certificate_chain,4},
>                      {ssl_handshake,certificate,3},
>                      {ssl_connection,certify_server,1},
>                      {ssl_connection,server_certify_and_key_exchange,1},
>                      {ssl_connection,do_server_hello,2},
>                      {lists,foldl,3}]}
>     Offender:   [{pid,<0.60.0>},
>                  {name,undefined},
>                  {mfa,
>                      {ssl_connection,start_link,
>                          [server,"localhost",10000,#Port<0.1154>,
>                           {{ssl_options,[],verify_none,#Fun<ssl.2.46498989>,
>                                false,false,1,
>                                "TEST_CA/hosts/pacifico_server/cert.pem",
>                                "TEST_CA/hosts/pacifico_server/key.pem",
>                                undefined,[],"TEST_CA/ca-cert.pem",
>                                [<<0,10>>,<<0,47>>,<<0,5>>,<<0,4>>,<<0,9>>],
>                                #Fun<ssl.0.78632910>,false,[]},
>                            {socket_options,list,0,0,0,false}},
>                           <0.35.0>,
>                           {gen_tcp,tcp,tcp_closed}]}},
>                  {restart_type,temporary},
>                  {shutdown,4000},
>                  {child_type,worker}]
>
> Any ideas what might be going on?
>
> Regards,
> M
>
>
> ________________________________________________________________
> erlang-questions (at) erlang.org mailing list.
> See http://www.erlang.org/faq.html
> To unsubscribe; mailto:erlang-questions-unsubscribe@REDACTED
>
>


More information about the erlang-questions mailing list