|
|
Hi guys

I’m trying to connect to a remote SSL server using a filtering Proxy in between.

First, I try to establish a normal TCP connection to this local Proxy using the CONNECT word. Second, I upgrade the TCP socket to SSL as in this snippet code:

_______________________________
tcp_client() ->
    {ok, TcpSocket} = gen_tcp:connect("local_proxy_for_traffic_filtering", 12345,
                                      [ binary, {active,true}, {packet,0} ]),
    ok = gen_tcp:send(TcpSocket, <<"CONNECT…">>),
    %% … got 200OK ...
    TcpSocket.

ssl_client() ->
    TcpSocket = tcp_client(),
    Opts = [ {verify, verify_none}, {cacertfile, "cacert.pem"}, {versions, ['tlsv1.2']} ],
    {ok, Sock} = ssl:connect(TcpSocket, Opts).

connect() ->
    SslSocket = ssl_client(),
    ok = ssl:send(SslSocket, <<"...some data...">>),
    %% …
    ok.
_______________________________

When I call the ssl:send/2, the remote SSL server (I’ve no control on this server) immediately closes the connection with {error, closed}. Furthermore, the SSL server claims I’m using SSL v1.3 (from the logs we've got).

Questions:
a. is it the right way to establish an SSL connection via a proxy?
b. how can I really ensure I’m using SSL v1.2 and not v1.3?

My config: Erlang 21.3.5, Ubuntu 18.04 LTS, Kernel 4.4.0-grs-64 on a very restricted environment: no sudo, no direct internet access

/Frank
_______________________________________________
erlang-questions mailing list
[hidden email]
http://erlang.org/mailman/listinfo/erlang-questions
|
|
Small typo in ssl_client/0:

_______________________________
tcp_client() ->
    {ok, TcpSocket} = gen_tcp:connect("local_proxy_for_traffic_filtering", 12345,
                                      [ binary, {active, true}, {packet, 0} ]),
    ok = gen_tcp:send(TcpSocket, <<"CONNECT…">>),
    %% … got 200OK ...
    TcpSocket.

ssl_client() ->
    TcpSocket = tcp_client(),
    Opts = [ {verify, verify_none}, {cacertfile, "cacert.pem"}, {versions, ['tlsv1.2']} ],
    {ok, Sock} = ssl:connect(TcpSocket, Opts),
    Sock.

connect() ->
    SslSocket = ssl_client(),
    ok = ssl:send(SslSocket, <<"...some data...">>),
    %% …
    ok.
_______________________________
|
|
Dialyzer warning if not export my function convert_result_and_exit/1
%%% ###=====================================================================###
-spec convert_result_and_exit(any()) -> no_return().
%%% ###=====================================================================###
convert_result_and_exit({error, ErrReason}) when is_binary(ErrReason)->
    exit({error, ErrReason});
convert_result_and_exit(no_permission)->
    exit(no_permission);
convert_result_and_exit(_E) ->
    exit({error, <<"Unknown reason">>}).
got a warning from dialyzer:
1569: The variable _E can never match since previous clauses completely covered the type 'no_permission' | {'error',binary()}
Does anybody have an explanation why?
Dialyzer bug ?
Best regards//KW
Best Regards
W.W.(KingWang)
On Friday, April 26, 2019, 8:26:00 AM GMT+2, Frank Muller < [hidden email]> wrote:
|
|
On 4/26/19 3:34 PM, WW wrote:
> Dialyzer warning if not export my function convert_result_and_exit/1
>
>
> %%% ###=====================================================================###
> -spec convert_result_and_exit(any()) -> no_return().
> %%% ###=====================================================================###
> convert_result_and_exit({error, ErrReason}) when is_binary(ErrReason)->
> exit({error, ErrReason});
> convert_result_and_exit(no_permission)-> exit(no_permission);
> convert_result_and_exit(_E) -> exit({error, <<"Unknown reason">>}).
>
>
> got a warning from dialyzer:
>
> 1569: The variable _E can never match since previous clauses completely
> covered the type 'no_permission' | {'error',binary()}
>
> Anybody has an explanation why ?
Because all calls to convert_result_and_exit/1 are either with an
{'error',binary()} tuple or the 'no_permission' atom. Thus, Dialyzer
can figure out that the third clause is unreachable and informs you
about it.
Effectively, it tells you that you have either made a mistake somewhere
and you have no call with something other than 'no_permission' |
{'error',binary()} or you can remove this clause (comment it out).
Once you have done that, perhaps you may also want to strengthen the
spec of the function.
> Dialyzer bug ?
Remember the slogan: "Dialyzer is never wrong!"
Kostis
|
|
But according to spec the input of the function can be any()! It is obvious the _E should be considered, otherwise erlang will crash.
Am I wrong?
Best Regards
W.W.(KingWang)
On Saturday, April 27, 2019, 12:30:21 PM GMT+2, Kostis Sagonas < [hidden email]> wrote:
|
|
On 4/27/19 12:43 PM, WW wrote:
> But according to spec the input of the function can be any()! It is
> obvious the _E should be considered, otherwise erlang will crash.
>
> Am I wrong?
Yes, you are.
The function is not exported; all calls to it are from within the module
(i.e., known to dialyzer), so they cannot be with any() as argument;
they can only be with the term types that dialyzer has inferred.
Kostis
|
|
Thank you for your answer Kostis.
But will erlang crash if any other internal function calls this internal function with an argument of integer() or some other term()?

----------------------------------------------------------------------
%%% ###=====================================================================###
-spec convert_result_and_exit(any()) -> no_return().
%%% ###=====================================================================###
convert_result_and_exit({error, ErrReason}) when is_binary(ErrReason)->
    exit({error, ErrReason});
convert_result_and_exit(no_permission)->
    exit(no_permission).

test() -> convert_result_and_exit ( [1,2,3] ).

(It is a use case, why "so they cannot be with any() as argument"? Where in the erlang doc defined that?)

In this case, test() will crash owing to missing the convert_result_and_exit(_E) -> exit({error, <<"Unknown reason">>}). I do not want it crash, I need a quiet exit (catch it afterwards) instead, will that be possible?
----------------------------------------------------------------------

The question is: Why dialyzer could not detect the internal non-exported spec? Or Erlang module internal function should not have any spec at all, because dialyzer doesn't care?
Is it the limitation of dialyzer or wrong in the design? What is the best solution, in my situation?
BR//Wei Wang
Best Regards
W.W.(KingWang)
On Saturday, April 27, 2019, 4:52:29 PM GMT+2, Kostis Sagonas < [hidden email]> wrote:
|
|
Will it be the only solution that I exported that function even it is not used by outside? Called exported internal function?
Best Regards
W.W.(KingWang)
On Saturday, April 27, 2019, 10:15:10 PM GMT+2, WW < [hidden email]> wrote:
|
|
On Sat, Apr 27, 2019 at 08:15:10PM +0000, WW wrote:
> Thank you for your answer Kostis.
> But will erlang crash if any other internal function call this internal function with an argument of integer() or someother term()?
The point here is that dialyzer can *prove* that the function will
not be called with anything other than the first two cases. It
therefore tells you that the third catch-all case is impossible. You
can safely remove that third clause.
If at some point in the future you write some code which could call
the function with some other input, then dialyzer will tell you about
that, too.
If you want a quiet dialyzer, the solution here is to remove the
third (catch-all) clause, until you have some code which actually
needs it.
Hugo.
Hugo Mills | You can get more with a kind word and a two-by-four
hugo@... carfax.org.uk | than you can with just a kind word.
http://carfax.org.uk/ |
PGP: E2AB1DE4 | Marcus Cole, Babylon 5
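
The situation the replies above describe, as an added example that is not part of any poster's message: an unexported function whose only call sites pass `no_permission` or `{error, binary()}`, so its catch-all clause is unreachable. The module name, the callers `deny/0`, `fail/1`, `relay/1`, `trap/1` and the `WITH_RELAY` macro are assumptions; only `convert_result_and_exit/1` comes from the thread.

```erlang
%% Added example; module, caller names and the WITH_RELAY macro are
%% assumptions. convert_result_and_exit/1 is copied from the thread.
-module(exit_conv).
-export([deny/0, fail/1, trap/1]).
-ifdef(WITH_RELAY).
-export([relay/1]).
-endif.

%% The only two call sites in the default build. Both are inside the module,
%% so the analysis sees every argument the unexported function can receive:
%% 'no_permission' | {'error', binary()}.
deny() ->
    convert_result_and_exit(no_permission).

fail(Reason) when is_binary(Reason) ->
    convert_result_and_exit({error, Reason}).

-ifdef(WITH_RELAY).
%% An exported wrapper: Term is unconstrained, so this call site passes
%% any() and the catch-all clause below is no longer unreachable.
relay(Term) ->
    convert_result_and_exit(Term).
-endif.

%% exit/1 raises an exception of class 'exit', which a caller can trap.
%% A call that matches no clause raises error:function_clause instead,
%% which is a different class and needs its own catch clause.
trap(Fun) when is_function(Fun, 0) ->
    try Fun()
    catch
        exit:Reason -> {exited, Reason};
        error:function_clause -> {crashed, function_clause}
    end.

-spec convert_result_and_exit(any()) -> no_return().
convert_result_and_exit({error, ErrReason}) when is_binary(ErrReason) ->
    exit({error, ErrReason});
convert_result_and_exit(no_permission) ->
    exit(no_permission);
convert_result_and_exit(_E) ->      % the clause the warning in the thread is about
    exit({error, <<"Unknown reason">>}).
```

Analysing the file with `dialyzer --src exit_conv.erl` and again with `dialyzer -DWITH_RELAY --src exit_conv.erl` compares the two sets of call sites; `exit_conv:trap(fun exit_conv:deny/0)` returns `{exited, no_permission}`.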
|
|
The problem is that I have already an internal function call that (any()) case
Best Regards
W.W.(KingWang)
On Saturday, April 27, 2019, 10:52:11 PM GMT+2, Hugo Mills < [hidden email]> wrote:
|
|
Why is this thread about Dialyzer? I created it because of a TLS issue I had (see my original post).
Thank you. /Frank
|
|
Hi Frank,
Sorry, that I can't really help you, but I did notice that the Erlang SSL usage example for upgrading a socket to TLS [1] says:
> Step 5: Ensure active is set to false before trying to upgrade a connection to an SSL connection, otherwise SSL handshake messages can be delivered to the wrong process
Your example seems to be using an active connection.
Maybe you could post a more complete, ready to run sample to get more feedback...
Regards Andreas
-- -- Dipl.-Inform. Andreas Schultz
----------------------- enabling your networks ---------------------- Travelping GmbH Phone: +49-391-81 90 99 0 Roentgenstr. 13 Fax: +49-391-81 90 99 299 39108 Magdeburg Email: [hidden email] GERMANY Web: http://www.travelping.com
Company Registration: Amtsgericht Stendal Reg No.: HRB 10578 Geschaeftsfuehrer: Holger Winkelmann VAT ID No.: DE236673780 ---------------------------------------------------------------------
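
The tunnel-then-upgrade sequence discussed in this thread, as an added example that is not part of any poster's message: it keeps the TCP socket passive as the quoted Step 5 requires, checks the proxy's CONNECT status before upgrading, pins `{versions, ['tlsv1.2']}` and reads the negotiated version back with `ssl:connection_information/2`. The module and function names, the timeouts and the size limit are assumptions; unlike the posted snippet it uses `verify_peer`, because with `verify_none` certificate validation failures are ignored.

```erlang
%% Added example: module, function names, timeouts and limits are assumptions.
-module(proxy_tls).
-export([connect/4, parse_status/1]).

-define(TIMEOUT, 5000).
-define(MAX_HEAD, 8192).

%% ProxyHost and Host are strings. Returns {ok, TlsSocket} | {error, Reason}.
connect(ProxyHost, ProxyPort, Host, Port) ->
    {ok, _} = application:ensure_all_started(ssl),
    %% {active, false}: a passive socket, so that no handshake bytes are
    %% delivered as messages to this process before ssl takes over.
    TcpOpts = [binary, {active, false}, {packet, raw}],
    case gen_tcp:connect(ProxyHost, ProxyPort, TcpOpts, ?TIMEOUT) of
        {ok, Tcp} -> tunnel(Tcp, Host, Port);
        {error, Reason} -> {error, {proxy_connect, Reason}}
    end.

tunnel(Tcp, Host, Port) ->
    Target = [Host, $:, integer_to_list(Port)],
    Req = ["CONNECT ", Target, " HTTP/1.1\r\nHost: ", Target, "\r\n\r\n"],
    Result = case gen_tcp:send(Tcp, Req) of
                 ok -> read_head(Tcp, <<>>);
                 {error, _} = SendErr -> SendErr
             end,
    case Result of
        {ok, Head} ->
            case parse_status(Head) of
                {ok, Code} when Code >= 200, Code =< 299 ->
                    upgrade(Tcp, Host);
                Other ->
                    gen_tcp:close(Tcp),
                    {error, {proxy_refused, Other}}
            end;
        {error, Reason} ->
            gen_tcp:close(Tcp),
            {error, {proxy_io, Reason}}
    end.

%% Read exactly up to the blank line that ends the proxy's response head.
%% Bytes after it would belong to the tunnel; in TLS the client speaks
%% first, so anything there is treated as an error rather than dropped.
read_head(Tcp, Acc) ->
    case binary:match(Acc, <<"\r\n\r\n">>) of
        {Pos, 4} when Pos + 4 =:= byte_size(Acc) -> {ok, Acc};
        {_, 4} -> {error, data_after_proxy_response};
        nomatch when byte_size(Acc) > ?MAX_HEAD -> {error, head_too_large};
        nomatch ->
            case gen_tcp:recv(Tcp, 0, ?TIMEOUT) of
                {ok, Data} -> read_head(Tcp, <<Acc/binary, Data/binary>>);
                {error, _} = Err -> Err
            end
    end.

%% Extract the three-digit status code from "HTTP/1.x NNN ...".
parse_status(<<"HTTP/1.", _Minor, " ", Code:3/binary, _/binary>>) ->
    try {ok, binary_to_integer(Code)}
    catch error:badarg -> {error, bad_status}
    end;
parse_status(_) ->
    {error, bad_status}.

upgrade(Tcp, Host) ->
    Opts = [{versions, ['tlsv1.2']},          % offer TLS 1.2 only
            {verify, verify_peer},            % validate the chain ...
            {cacertfile, "cacert.pem"},       % ... against this CA bundle
            {server_name_indication, Host}],  % SNI and hostname check
    case ssl:connect(Tcp, Opts, ?TIMEOUT) of
        {ok, Tls} ->
            %% Ask the ssl application what was actually negotiated.
            {ok, [{protocol, Vsn}]} = ssl:connection_information(Tls, [protocol]),
            case Vsn of
                'tlsv1.2' -> {ok, Tls};
                _ -> ssl:close(Tls), {error, {unexpected_protocol, Vsn}}
            end;
        {error, Reason} ->
            gen_tcp:close(Tcp),
            {error, {tls_handshake, Reason}}
    end.
```

`proxy_tls:parse_status(<<"HTTP/1.1 200 Connection established\r\n\r\n">>)` returns `{ok, 200}`; a 407 or 403 from the filtering proxy surfaces as `{error, {proxy_refused, {ok, Code}}}` before any TLS bytes are sent.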
|
|
Thanks for pointing out that. I just tried with {active,false} but nothing changed. The connection is closed immediately.
Any other hint?
/Frank
|
|