[99s-extend] ssl_hello_world

[Samir Sow]

Thx.

On which OS + Erlang version is the server running ?

Samir
On 11 avr. 2014, at 13:41, Loïc Hoguin <essen at ninenines.eu> wrote:

> This is the successful output I get. You should try to see why yours is different, perhaps someone somewhere ran into the same issue at some point. Note that the --cacert option isn't needed and basically makes no difference.
> 
> 
> % curl -ikvv https://localhost:8443
> * Rebuilt URL to: https://localhost:8443/
> * Hostname was NOT found in DNS cache
> *   Trying 127.0.0.1...
> * Connected to localhost (127.0.0.1) port 8443 (#0)
> * successfully set certificate verify locations:
> *   CAfile: /etc/ssl/certs/ca-certificates.crt
>  CApath: none
> * SSLv3, TLS handshake, Client hello (1):
> * SSLv3, TLS handshake, Server hello (2):
> * SSLv3, TLS handshake, CERT (11):
> * SSLv3, TLS handshake, Server key exchange (12):
> * SSLv3, TLS handshake, Server finished (14):
> * SSLv3, TLS handshake, Client key exchange (16):
> * SSLv3, TLS change cipher, Client hello (1):
> * SSLv3, TLS handshake, Finished (20):
> * SSLv3, TLS change cipher, Client hello (1):
> * SSLv3, TLS handshake, Finished (20):
> * SSL connection using ECDHE-RSA-AES256-SHA384
> * Server certificate:
> * 	 subject: C=US; ST=Texas; O=Nine Nines; OU=Cowboy; CN=localhost
> * 	 start date: 2013-02-28 05:23:34 GMT
> * 	 expire date: 2033-02-23 05:23:34 GMT
> * 	 issuer: C=US; ST=Texas; O=Nine Nines; OU=Cowboy; CN=ROOT CA
> * 	 SSL certificate verify result: self signed certificate in certificate chain (19), continuing anyway.
> > GET / HTTP/1.1
> > User-Agent: curl/7.35.0
> > Host: localhost:8443
> > Accept: */*
> >
> < HTTP/1.1 200 OK
> HTTP/1.1 200 OK
> < connection: keep-alive
> connection: keep-alive
> * Server Cowboy is not blacklisted
> < server: Cowboy
> server: Cowboy
> < date: Fri, 11 Apr 2014 11:30:03 GMT
> date: Fri, 11 Apr 2014 11:30:03 GMT
> < content-length: 12
> content-length: 12
> < content-type: text/plain
> content-type: text/plain
> 
> <
> 
> 
> On 04/11/2014 01:25 PM, Samir Sow wrote:
>> Thx.
>> 
>> Same error …
>> Openssl s_client does not work either.
>> the server does not answer to ClientHello …
>> 
>> Samir
>> 
>> On 11 avr. 2014, at 13:18, Loïc Hoguin <essen at ninenines.eu> wrote:
>> 
>>> The certificate in the SSL example is self-generated, try curl with the --insecure option.
>>> 
>>> On 04/11/2014 12:39 PM, Samir Sow wrote:
>>>> Hi,
>>>> 
>>>> Still struggling to make ssl work.
>>>> 
>>>> I downloaded the example ssl_hello_world.
>>>> Upon execution : i get the following error with curl
>>>> 
>>>>  About to connect() to localhost port 8443 (#0)
>>>> *   Trying ::1... Connexion refusée
>>>> *   Trying 127.0.0.1... connected
>>>> * Connected to localhost (127.0.0.1) port 8443 (#0)
>>>> * Initializing NSS with certpath: sql:/etc/pki/nssdb
>>>> * NSS error -8018
>>>> * Closing connection #0
>>>> * Problem with the SSL CA cert (path? access rights?)
>>>> curl: (77) Problem with the SSL CA cert (path? access rights?)
>>>> 
>>>> 
>>>> cmd = curl -vv --cacert priv/cert/cowboy-ca.crt -i https://localhost:8443/
>>>> 
>>>> cacert path checked.
>>>> read permission checked
>>>> 
>>>> I’ve tested with a browser and get a connection error.
>>>> 
>>>> Any clue ?
>>>> 
>>>> Samir
>>>> 
>>>> 
>>>> _______________________________________________
>>>> Extend mailing list
>>>> Extend at lists.ninenines.eu
>>>> https://lists.ninenines.eu/listinfo/extend
>>>> 
>>> 
>>> --
>>> Loïc Hoguin
>>> http://ninenines.eu
>> 
> 
> -- 
> Loïc Hoguin
> http://ninenines.eu