[99s-extend] ssl_hello_world

[Loïc Hoguin]

It's tested on ArchLinux from R15B01 to master so that's unrelated to 
the Erlang version.

On 04/11/2014 01:48 PM, Samir Sow wrote:
> Thx.
>
> On which OS + Erlang version is the server running ?
>
> Samir
> On 11 avr. 2014, at 13:41, Loïc Hoguin <essen at ninenines.eu> wrote:
>
>> This is the successful output I get. You should try to see why yours is different, perhaps someone somewhere ran into the same issue at some point. Note that the --cacert option isn't needed and basically makes no difference.
>>
>>
>> % curl -ikvv https://localhost:8443
>> * Rebuilt URL to: https://localhost:8443/
>> * Hostname was NOT found in DNS cache
>> *   Trying 127.0.0.1...
>> * Connected to localhost (127.0.0.1) port 8443 (#0)
>> * successfully set certificate verify locations:
>> *   CAfile: /etc/ssl/certs/ca-certificates.crt
>>   CApath: none
>> * SSLv3, TLS handshake, Client hello (1):
>> * SSLv3, TLS handshake, Server hello (2):
>> * SSLv3, TLS handshake, CERT (11):
>> * SSLv3, TLS handshake, Server key exchange (12):
>> * SSLv3, TLS handshake, Server finished (14):
>> * SSLv3, TLS handshake, Client key exchange (16):
>> * SSLv3, TLS change cipher, Client hello (1):
>> * SSLv3, TLS handshake, Finished (20):
>> * SSLv3, TLS change cipher, Client hello (1):
>> * SSLv3, TLS handshake, Finished (20):
>> * SSL connection using ECDHE-RSA-AES256-SHA384
>> * Server certificate:
>> * 	 subject: C=US; ST=Texas; O=Nine Nines; OU=Cowboy; CN=localhost
>> * 	 start date: 2013-02-28 05:23:34 GMT
>> * 	 expire date: 2033-02-23 05:23:34 GMT
>> * 	 issuer: C=US; ST=Texas; O=Nine Nines; OU=Cowboy; CN=ROOT CA
>> * 	 SSL certificate verify result: self signed certificate in certificate chain (19), continuing anyway.
>>> GET / HTTP/1.1
>>> User-Agent: curl/7.35.0
>>> Host: localhost:8443
>>> Accept: */*
>>>
>> < HTTP/1.1 200 OK
>> HTTP/1.1 200 OK
>> < connection: keep-alive
>> connection: keep-alive
>> * Server Cowboy is not blacklisted
>> < server: Cowboy
>> server: Cowboy
>> < date: Fri, 11 Apr 2014 11:30:03 GMT
>> date: Fri, 11 Apr 2014 11:30:03 GMT
>> < content-length: 12
>> content-length: 12
>> < content-type: text/plain
>> content-type: text/plain
>>
>> <
>>
>>
>> On 04/11/2014 01:25 PM, Samir Sow wrote:
>>> Thx.
>>>
>>> Same error …
>>> Openssl s_client does not work either.
>>> the server does not answer to ClientHello …
>>>
>>> Samir
>>>
>>> On 11 avr. 2014, at 13:18, Loïc Hoguin <essen at ninenines.eu> wrote:
>>>
>>>> The certificate in the SSL example is self-generated, try curl with the --insecure option.
>>>>
>>>> On 04/11/2014 12:39 PM, Samir Sow wrote:
>>>>> Hi,
>>>>>
>>>>> Still struggling to make ssl work.
>>>>>
>>>>> I downloaded the example ssl_hello_world.
>>>>> Upon execution : i get the following error with curl
>>>>>
>>>>>   About to connect() to localhost port 8443 (#0)
>>>>> *   Trying ::1... Connexion refusée
>>>>> *   Trying 127.0.0.1... connected
>>>>> * Connected to localhost (127.0.0.1) port 8443 (#0)
>>>>> * Initializing NSS with certpath: sql:/etc/pki/nssdb
>>>>> * NSS error -8018
>>>>> * Closing connection #0
>>>>> * Problem with the SSL CA cert (path? access rights?)
>>>>> curl: (77) Problem with the SSL CA cert (path? access rights?)
>>>>>
>>>>>
>>>>> cmd = curl -vv --cacert priv/cert/cowboy-ca.crt -i https://localhost:8443/
>>>>>
>>>>> cacert path checked.
>>>>> read permission checked
>>>>>
>>>>> I’ve tested with a browser and get a connection error.
>>>>>
>>>>> Any clue ?
>>>>>
>>>>> Samir
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Extend mailing list
>>>>> Extend at lists.ninenines.eu
>>>>> https://lists.ninenines.eu/listinfo/extend
>>>>>
>>>>
>>>> --
>>>> Loïc Hoguin
>>>> http://ninenines.eu
>>>
>>
>> --
>> Loïc Hoguin
>> http://ninenines.eu
>

-- 
Loïc Hoguin
http://ninenines.eu