[erlang-questions] SSL handshake fails

Iván Martínez ivan.martinez@REDACTED
Fri Sep 19 11:00:36 CEST 2014


Hello all,
I just hired a CentOS 7 server that came with very little software
installed. I installed Erlang 17.3 from sources, attached is output of the
configure step. Now I'm trying to install zotonic but it fails when trying
to do a SSL handshake with github, see below:

[ivan@REDACTED zotonic]$ make
erl -noshell -s inets -s ssl \
  -eval '{ok, saved_to_file} = httpc:request(get, {"
https://github.com/rebar/rebar/wiki/rebar", []}, [], [{stream,
"./rebar"}])' \
  -s init stop
{"init terminating in
do_boot",{{badmatch,{error,{failed_connect,[{to_address,{"github.com",443}},{inet,[inet],{eoptions,{{{badmatch,<<0
bytes>>},[{ssl_handshake,dec_hello_extensions,2,[{file,"ssl_handshake.erl"},{line,1737}]},{ssl_handshake,decode_handshake,3,[{file,"ssl_handshake.erl"},{line,926}]},{tls_handshake,get_tls_handshake_aux,3,[{file,"tls_handshake.erl"},{line,155}]},{tls_connection,next_state,4,[{file,"tls_connection.erl"},{line,433}]},{gen_fsm,handle_msg,7,[{file,"gen_fsm.erl"},{line,503}]},{proc_lib,init_p_do_apply,3,[{file,"proc_lib.erl"},{line,237}]}]},{gen_fsm,sync_send_all_state_event,[<0.54.0>,{start,infinity},infinity]}}}}]}}},[{erl_eval,expr,3,[]}]}}

Crash dump was written to: erl_crash.dump
init terminating in do_boot ()
make: *** [rebar] Error 1

I tried to do the handshake with openssl and apparently it works:

[ivan@REDACTED zotonic]$ openssl s_client -host github.com -port 443
CONNECTED(00000003)
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert High
Assurance EV Root CA
verify return:1
depth=1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert SHA2
Extended Validation Server CA
verify return:1
depth=0 businessCategory = Private Organization, 1.3.6.1.4.1.311.60.2.1.3 =
US, 1.3.6.1.4.1.311.60.2.1.2 = Delaware, serialNumber = 5157550, street =
548 4th Street, postalCode = 94107, C = US, ST = California, L = San
Francisco, O = "GitHub, Inc.", CN = github.com
verify return:1
---
Certificate chain
 0 s:/businessCategory=Private
Organization/1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=Delaware/serialNumber=5157550/street=548
4th Street/postalCode=94107/C=US/ST=California/L=San Francisco/O=GitHub,
Inc./CN=github.com
   i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 Extended
Validation Server CA
 1 s:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 Extended
Validation Server CA
   i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV
Root CA
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIF4DCCBMigAwIBAgIQDACTENIG2+M3VTWAEY3chzANBgkqhkiG9w0BAQsFADB1
...
XX4C2NesiZcLYbc2n7B9O+63M2k=
-----END CERTIFICATE-----
subject=/businessCategory=Private
Organization/1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=Delaware/serialNumber=5157550/street=548
4th Street/postalCode=94107/C=US/ST=California/L=San Francisco/O=GitHub,
Inc./CN=github.com
issuer=/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 Extended
Validation Server CA
---
No client certificate CA names sent
Server Temp Key: ECDH, prime256v1, 256 bits
---
SSL handshake has read 3233 bytes and written 375 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
    Session-ID:
DDEF6E78852287351EC5B20FFDD2578F8996E7226CB883A5F1A94325048B79C6
    Session-ID-ctx:
    Master-Key:
D6C6283F463BFCD5A160E0CCE0CC8962CF944E5C98153040E4BC20466981B1622A5327C1E6BBED5F1751A049782908E5
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    Start Time: 1411113552
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
closed

What can be wrong?. Thank you.
Ivan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20140919/694192b6/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: erlconf.out
Type: application/octet-stream
Size: 36452 bytes
Desc: not available
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20140919/694192b6/attachment.obj>


More information about the erlang-questions mailing list