Advanced Erlang/OTP ~ ssl failed during the time shaking hands

coderplay
Posted: Thu Jul 05, 2007 4:26 am

Hi all,
I've tried to do some tests to understand the communication between
two nodes through the SSL protocol in Erlang. I've created a boot
script for this case and two certificates following the OTP
reference; one was ssl_server.pem, the other was ssl_client.pem. Then I
used the command line to create two nodes -- x@192.168.0.98 and
y@192.168.0.97 -- as follows:
# erl -boot start_ssl -proto_dist inet_ssl -name x@192.168.0.98 -ssl_dist_opt client_certfile "ssl_client" -ssl_dist_opt server_certfile "ssl_server.pem" -setcookie 123456
# erl -boot start_ssl -proto_dist inet_ssl -name y@192.168.0.97 -ssl_dist_opt client_certfile "ssl_client.pem" -ssl_dist_opt server_certfile "ssl_server.pem" -setcookie 123456
Everything was okay at that time; I saw the Erlang prompts as
well. But when I tried to ping one node from the other one, it failed
with the message pang.
(y@192.168.0.97)1> net_adm:ping('x@192.168.0.98').
pang
By analysing it with the shell commands netstat and strace, it appears
that the SSL ping failed during the handshake. The file
descriptor which was used to receive data from the other node has not
been added into the pollfds.
This is a fragment of the strace result:
accept(5, {sa_family=AF_INET, sin_port=htons(13198), sin_addr=inet_addr("192.168.0.97")}, [16]) = 7
fcntl64(7, F_GETFL) = 0x2 (flags O_RDWR)
fcntl64(7, F_SETFL, O_RDWR|O_NONBLOCK) = 0
write(2, "fuck\n", 5) = 5
write(1, "\0\0\0\t", 4) = 4
write(1, "\f\0\0\0\5\0\0\0\7", 9) = 9
poll([{fd=4, events=POLLIN|POLLRDNORM}, {fd=0, events=POLLIN|POLLRDNORM, revents=POLLIN|POLLRDNORM}], 2, 2000) = 1
time(NULL) = 1183526380
read(0, "\0\0\0\6", 4) = 4
read(0, "\n\0\0\0\5\0", 6) = 6
poll([{fd=4, events=POLLIN|POLLRDNORM}, {fd=0, events=POLLIN|POLLRDNORM}, {fd=5, events=POLLIN|POLLRDNORM}], 3, 2000) = 0
time(NULL) = 1183526382
And below is the result of netstat:
# netstat --tcp -n
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
...(omit)
tcp        0      0 192.168.0.98:31719          221.174.21.84:8080          ESTABLISHED
tcp        0      0 192.168.0.98:31728          221.174.21.84:8080          ESTABLISHED
tcp      142      0 192.168.0.98:25233          192.168.0.97:13198          ESTABLISHED
tcp        0      0 ::ffff:192.168.0.98:40272   ::ffff:192.168.0.100:3306   ESTABLISHED
tcp        0      0 ::ffff:127.0.0.1:8052       ::ffff:127.0.0.1:59274      ESTABLISHED
tcp        0    264 ::ffff:192.168.0.98:22      ::ffff:192.168.0.217:3103   ESTABLISHED
Apparently, there are still 142 bytes of data left in the receive
queue. The receiver terminal program has not taken any data from that
queue because the right file descriptor has not been added yet.
Who can explain that phenomenon and give me a solution?
Thx,
Jeremy

martin
Posted: Fri Jul 06, 2007 11:12 am

Have you tried checking the SSL connection using openssl, e.g.
openssl s_client -connect remote.host:port
If the connection checks out OK,
check which inet_*_dist the net_kernel is using and
dbg that module, e.g.
dbg:tp(inet_TYPE_dist, dbg:fun2ms(fun(_) -> return_trace() end))
You might find what is going wrong there.
//Martin
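
The symptom reported in the first post (bytes sitting in Recv-Q on an ESTABLISHED connection because the process never reads them) can be checked for mechanically. The script below is an added example, not part of the original thread. It compares two `netstat --tcp -n` snapshots so that a short-lived backlog is not mistaken for a stalled handshake. The function names and the second snapshot are constructed for illustration; the first snapshot reuses rows from the netstat output quoted above.

```shell
#!/bin/sh
# Added example (not from the thread): report ESTABLISHED TCP sockets whose
# Recv-Q is non-zero in two successive `netstat --tcp -n` snapshots, i.e. the
# kernel is holding bytes that the owning process is not reading.

# stuck_recvq SNAP1 SNAP2 [MIN_BYTES]   (hypothetical helper name)
# Prints "local peer recvq_in_snap1 recvq_in_snap2" for each such socket.
stuck_recvq() {
    awk -v min="${3:-1}" '
        # Keep only established TCP rows with at least min unread bytes.
        $1 !~ /^tcp/ || $6 != "ESTABLISHED" || $2 + 0 < min + 0 { next }
        # First file: remember Recv-Q per local/peer address pair.
        NR == FNR { seen[$4 " " $5] = $2; next }
        # Second file: report pairs that were already backed up in the first.
        ($4 " " $5) in seen { print $4, $5, seen[$4 " " $5], $2 }
    ' "$1" "$2"
}

# Rows taken from the netstat output in the first post, one socket per line.
snapshot_1() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 192.168.0.98:31719 221.174.21.84:8080 ESTABLISHED
tcp 142 0 192.168.0.98:25233 192.168.0.97:13198 ESTABLISHED
tcp 0 264 ::ffff:192.168.0.98:22 ::ffff:192.168.0.217:3103 ESTABLISHED
EOF
}

# Constructed second snapshot: the 142 bytes are still unread, and another
# socket shows a short-lived backlog that must not be reported.
snapshot_2() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 37 0 192.168.0.98:31719 221.174.21.84:8080 ESTABLISHED
tcp 142 0 192.168.0.98:25233 192.168.0.97:13198 ESTABLISHED
tcp 0 0 ::ffff:192.168.0.98:22 ::ffff:192.168.0.217:3103 ESTABLISHED
EOF
}

# Run the check on the two embedded snapshots.
demo() {
    dir=$(mktemp -d) || return 1
    snapshot_1 > "$dir/a"
    snapshot_2 > "$dir/b"
    stuck_recvq "$dir/a" "$dir/b"
    rm -rf "$dir"
}

demo
```

On a live host, write two `netstat --tcp -n` outputs a few seconds apart to files and pass them to `stuck_recvq`; a socket that appears in the result is one whose owner has stopped draining its receive queue.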