[erlang-bugs] ssl socket session upgrade fails

Delorum dan353hehe@REDACTED
Sat Nov 17 00:37:36 CET 2012


So I think that reusing sessions might be broken if the client and the server do not have the same version of OpenSSL installed on their machines.

Here is a bit of code that can trigger the error:

%% Start the ssl application and listen on port 443.
ssl:start(),
{ok,Listen} = ssl:listen(443,[{reuseaddr,true},{certfile,"/mnt/ssl/mysite.com.crt"},{keyfile,"mysite.com.key"}]),
%% Accept the client's first connection.
{ok,NewSocket} = ssl:transport_accept(Listen),
ssl:ssl_accept(NewSocket),
%% Accept the client's reconnect.
{ok,NewSock2} = ssl:transport_accept(Listen),
ssl:ssl_accept(NewSock2).

And here is what can be run in another shell to cause the error:

openssl s_client -ssl3 -connect 192.168.0.10:443 -reconnect

The interesting thing that I have noticed is that running the openssl s_client command from the same machine that the Erlang server is running on DOES NOT cause the issue. But when running the same command from any other machine (and I tested it with 12 machines here in the office), it fails.

To be more specific, it fails if the version of OpenSSL on the CLIENT machine is 0.9.8r and the server version is in the 1.0.1 series.

Really, the problem is that clients should not have to upgrade their version of OpenSSL in order to visit websites hosted by an Erlang application.

And here is the crash; I removed all the binary data and the private key data because this is not a test cert:

=ERROR REPORT==== 16-Nov-2012::16:54:57 ===
** State machine <0.49.0> terminating 
** Last message in was {tcp,#Port<0.1263>,
                           << removed >>}
** When State == hello
**      Data  == {state,server,
                    {#Ref<0.0.0.58>,<0.32.0>},
                    gen_tcp,tcp,tcp_closed,tcp_error,"localhost",443,
                    #Port<0.1263>,
                    {ssl_options,[],verify_none,
                        {#Fun<ssl.1.5831185>,[]},
                        false,false,undefined,1,
                        <<"/mnt/ssl/mysite.com.crt">>,
                        undefined,
                        <<"/mnt/ssl/mysite.com.key">>,
                        undefined,undefined,undefined,<<>>,undefined,
                        undefined,
                        [<<0,57>>,
                         <<0,56>>,
                         <<0,53>>,
                         <<0,22>>,
                         <<0,19>>,
                         <<0,10>>,
                         <<0,51>>,
                         <<0,50>>,
                         <<0,47>>,
                         <<0,5>>,
                         <<0,4>>,
                         <<0,21>>,
                         <<0,9>>],
                        #Fun<ssl.0.5831185>,true,268435456,false,[],
                        undefined,false,undefined,undefined},
                    {socket_options,list,0,0,0,true},
                    {connection_states,
                        {connection_state,
                            {security_parameters,
                                <<0,0>>,
                                0,0,0,0,0,0,0,0,0,0,0,undefined,undefined,
                                undefined,undefined},
                            undefined,undefined,undefined,0,undefined,
                            undefined,undefined},
                        {connection_state,
                            {security_parameters,undefined,0,undefined,
                                undefined,undefined,undefined,undefined,
                                undefined,undefined,undefined,undefined,
                                undefined,undefined,undefined,
                                <<removed >>,
                                undefined},
                            undefined,undefined,undefined,undefined,
                            undefined,undefined,undefined},
                        {connection_state,
                            {security_parameters,
                                <<0,0>>,
                                0,0,0,0,0,0,0,0,0,0,0,undefined,undefined,
                                undefined,undefined},
                            undefined,undefined,undefined,0,undefined,
                            undefined,undefined},
                        {connection_state,
                            {security_parameters,undefined,0,undefined,
                                undefined,undefined,undefined,undefined,
                                undefined,undefined,undefined,undefined,
                                undefined,undefined,undefined,
                                << removed >>,
                                undefined},
                            undefined,undefined,undefined,undefined,
                            undefined,undefined,undefined}},
                    [],<<>>,<<>>,
                    {[],[]},
                    [],16400,
                    {session,undefined,undefined,
                        << removed >>,
                        undefined,undefined,undefined,new,63520304097},
                    28691,ssl_session_cache,undefined,undefined,false,
                    undefined,undefined,undefined,
                    {'RSAPrivateKey','two-prime', removed
                        asn1_NOVALUE},
                    {'DHParameter',
                        removed,
                        2,asn1_NOVALUE},
                    undefined,undefined,20497,#Ref<0.0.0.61>,0,<<>>,true,
                    {false,first},
                    {<0.32.0>,#Ref<0.0.0.60>},
                    {[],[]},
                    false,true,false,undefined}
** Reason for termination = 
** {function_clause,
      [{ssl_session,server_id,
           [443,
            <<135,245,186,148,131,78,105,38,70,210,147,42,207,139,174,106,166,
              97,85,161,20,70,127,51,6,193,41,5,157,250,239,90>>,
            {ssl_options,[],verify_none,
                {#Fun<ssl.1.5831185>,[]},
                false,false,undefined,1,
                <<"/mnt/ssl/mysite.com.crt">>,undefined,
                <<"/mnt/ssl/mysite.com.key">>,undefined,
                undefined,undefined,<<>>,undefined,undefined,
                [<<0,57>>,
                 <<0,56>>,
                 <<0,53>>,
                 <<0,22>>,
                 <<0,19>>,
                 <<0,10>>,
                 <<0,51>>,
                 <<0,50>>,
                 <<0,47>>,
                 <<0,5>>,
                 <<0,4>>,
                 <<0,21>>,
                 <<0,9>>],
                #Fun<ssl.0.5831185>,true,268435456,false,[],undefined,false,
                undefined,undefined},
            << removed >>,
            28691,ssl_session_cache],
           [{file,"ssl_session.erl"},{line,73}]},
       {ssl_handshake,select_session,8,
           [{file,"ssl_handshake.erl"},{line,629}]},
       {ssl_handshake,hello,4,[{file,"ssl_handshake.erl"},{line,178}]},
       {ssl_connection,hello,2,[{file,"ssl_connection.erl"},{line,414}]},
       {ssl_connection,next_state,4,
           [{file,"ssl_connection.erl"},{line,2002}]},
       {gen_fsm,handle_msg,7,[{file,"gen_fsm.erl"},{line,494}]},
       {proc_lib,init_p_do_apply,3,[{file,"proc_lib.erl"},{line,227}]}]}
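
Added example, not part of the original post: a shell helper that summarizes the output of the `openssl s_client ... -reconnect` test above, so the result can be compared across client machines. The function name `summarize_reconnect` is hypothetical, and both sample outputs are constructed for illustration, not captured from the reporter's systems.

```shell
# Summarize `openssl s_client -reconnect` output read on stdin.
# Prints "new=<n> reused=<n> failed=<n>" and returns 0 only when at least
# one session was resumed and no handshake failed.
summarize_reconnect() {
    awk '
        /^New, .*Cipher is \(NONE\)/ { failed++; next }  # handshake did not complete
        /^New, /                     { new++;    next }  # full handshake
        /^Reused, /                  { reused++; next }  # server accepted the session ID
        END {
            printf "new=%d reused=%d failed=%d\n", new, reused, failed
            exit !(reused > 0 && failed == 0)
        }'
}

# Constructed sample: a server that resumes the session on each reconnect.
sample_ok() {
cat <<'EOF'
New, TLSv1/SSLv3, Cipher is AES256-SHA
drop connection and then reconnect
Reused, TLSv1/SSLv3, Cipher is AES256-SHA
drop connection and then reconnect
Reused, TLSv1/SSLv3, Cipher is AES256-SHA
EOF
}

# Constructed sample: the first handshake succeeds, the reconnect fails.
sample_broken() {
cat <<'EOF'
New, TLSv1/SSLv3, Cipher is AES256-SHA
drop connection and then reconnect
New, (NONE), Cipher is (NONE)
EOF
}

sample_ok | summarize_reconnect
sample_broken | summarize_reconnect || echo "session resumption check failed"

# Against a live server, using the command from the post:
#   openssl s_client -ssl3 -connect 192.168.0.10:443 -reconnect </dev/null 2>&1 \
#       | summarize_reconnect
```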

