[erlang-questions] SSL connection problem

Denis Justinek denis.justinek@REDACTED
Sun Jun 7 17:12:57 CEST 2015


Hello!

For the last few days I started experiencing problems when connecting to
the Apple Push Notification Service (APNS) with Erlang's SSL.

When trying to connect I encounter the following error:

** exception exit: {{function_clause,[{ssl_cipher,hash_algorithm,"ï",
                                       [{file,"ssl_cipher.erl"},{line,1196}]},
                                      {ssl_handshake,'-decode_handshake/3-lc$^0/1-0-',1,
                                       [{file,"ssl_handshake.erl"},{line,945}]},
                                      {ssl_handshake,'-decode_handshake/3-lc$^0/1-0-',1,
                                       [{file,"ssl_handshake.erl"},{line,946}]},
                                      {ssl_handshake,decode_handshake,3,
                                       [{file,"ssl_handshake.erl"},{line,945}]},
                                      {tls_handshake,get_tls_handshake_aux,3,
                                       [{file,"tls_handshake.erl"},{line,155}]},
                                      {tls_connection,next_state,4,
                                       [{file,"tls_connection.erl"},{line,433}]},
                                      {tls_connection,next_state,4,
                                       [{file,"tls_connection.erl"},{line,437}]},
                                      {gen_fsm,handle_msg,7,[{file,"gen_fsm.erl"},{line,503}]}]},
                    {gen_fsm,sync_send_all_state_event,
                             [<0.1221.0>,{start,1000},infinity]}}
     in function  gen_fsm:sync_send_all_state_event/3 (gen_fsm.erl, line 242)
     in call from ssl_connection:sync_send_all_state_event/2 (ssl_connection.erl, line 1654)
     in call from ssl_connection:handshake/2 (ssl_connection.erl, line 101)
     in call from tls_connection:start_fsm/8 (tls_connection.erl, line 81)
     in call from ssl_connection:connect/8 (ssl_connection.erl, line 71)
16:53:13.961 <0.1221.0> Undefined Undefined [error] gen_fsm <0.1221.0> in state certify terminated with reason: no function clause matching ssl_cipher:hash_algorithm(239) line 1196
16:53:13.964 <0.1221.0> Undefined Undefined [error] CRASH REPORT Process <0.1221.0> with 0 neighbours exited with reason: no function clause matching ssl_cipher:hash_algorithm(239) line 1196 in gen_fsm:terminate/7 line 611
16:53:13.965 <0.174.0> Undefined Undefined [error] Supervisor tls_connection_sup had child undefined started with {tls_connection,start_link,undefined} at <0.1221.0> exit with reason no function clause matching ssl_cipher:hash_algorithm(239) line 1196 in context child_terminated

Steps to reproduce (you need an APNS certificate for this):

    application:ensure_all_started(ssl).
    Address = "gateway.sandbox.push.apple.com".
    Port = 2195.
    Cert = "cert.pem".
    CertPass = "*****".
    Options1 = [{certfile,Cert},{password,CertPass},{mode,binary}].
    Timeout = 1000.
    {ok,Socket} = ssl:connect(Address, Port, Options1, Timeout).

If we try to connect with the same certificate by using OpenSSL from the
command line (s_client), it works fine with no errors.

    Terminal command: openssl s_client -connect gateway.sandbox.push.apple.com:2195 -cert cert.pem -debug
    Enter pass phrase for cert.pem:
    CONNECTED(00000003)
    ...
    Certificate chain
     0 s:/C=US/ST=California/L=Cupertino/O=Apple Inc./CN=gateway.sandbox.push.apple.com
       i:/C=US/O=Entrust, Inc./OU=www.entrust.net/rpa is incorporated by reference/OU=(c) 2009 Entrust, Inc./CN=Entrust Certification Authority - L1C
     1 s:/C=US/O=Entrust, Inc./OU=www.entrust.net/rpa is incorporated by reference/OU=(c) 2009 Entrust, Inc./CN=Entrust Certification Authority - L1C
       i:/O=Entrust.net/OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Certification Authority (2048)
    ---
    ...
    subject=/C=US/ST=California/L=Cupertino/O=Apple Inc./CN=gateway.sandbox.push.apple.com
    issuer=/C=US/O=Entrust, Inc./OU=www.entrust.net/rpa is incorporated by reference/OU=(c) 2009 Entrust, Inc./CN=Entrust Certification Authority - L1C
    ---
    No client certificate CA names sent
    ---
    SSL handshake has read 2760 bytes and written 2363 bytes
    ---
    New, TLSv1/SSLv3, Cipher is AES256-SHA
    Server public key is 2048 bit
    Secure Renegotiation IS supported
    Compression: NONE
    Expansion: NONE
    SSL-Session:
        Protocol  : TLSv1
        Cipher    : AES256-SHA
        Session-ID:
        Session-ID-ctx:
        Master-Key: ...
        Key-Arg   : None
        Start Time: 1433689177
        Timeout   : 300 (sec)
        Verify return code: 0 (ok)
    ---

Is this an issue with the Erlang SSL module? How can it be mitigated?

This can be reproduced on OSX and Linux - Erlang 17.4.

With regards,
    Denis
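
The following is an added example, not part of the original post and not OTP's own code. It assumes the 239 in the trace is the hash byte of a TLS 1.2 SignatureAndHashAlgorithm pair (RFC 5246, section 7.4.1.4.1), and contrasts a strict decoder that raises function_clause on such a value with one that sets unknown pairs aside. The module name, function names and sample bytes are hypothetical.

```erlang
-module(sigalgs_demo).
-export([strict/1, tolerant/1, demo/0]).

%% HashAlgorithm and SignatureAlgorithm code points from RFC 5246, 7.4.1.4.1.
%% Values 224-255 are reserved for private use, so 239 has no standard meaning.
hash(0) -> none;
hash(1) -> md5;
hash(2) -> sha;
hash(3) -> sha224;
hash(4) -> sha256;
hash(5) -> sha384;
hash(6) -> sha512.

sign(0) -> anon;
sign(1) -> rsa;
sign(2) -> dsa;
sign(3) -> ecdsa.

%% Strict decode: a code point outside the tables raises function_clause
%% inside the comprehension, the same failure class as in the trace.
strict(Bin) ->
    [{hash(H), sign(S)} || <<H:8, S:8>> <= Bin].

%% Tolerant decode: return the known pairs and, separately, the raw unknown
%% pairs so they can be logged instead of crashing the handshake process.
tolerant(Bin) ->
    Pairs = [{H, S} || <<H:8, S:8>> <= Bin],
    {Known, Unknown} = lists:partition(fun known/1, Pairs),
    {[{hash(H), sign(S)} || {H, S} <- Known], Unknown}.

known({H, S}) -> H =< 6 andalso S =< 3.

demo() ->
    %% Constructed sample list: sha256/rsa, private-use 239/1, sha/rsa.
    Bin = <<4,1, 239,1, 2,1>>,
    {'EXIT', {function_clause, _}} = (catch strict(Bin)),
    {[{sha256,rsa},{sha,rsa}], [{239,1}]} = tolerant(Bin),
    ok.
```

Setting unknown pairs aside does not weaken the handshake: the peer only ever signs with an algorithm both sides recognise, so an unrecognised entry simply cannot be selected.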