SSL error
122 views
Skip to first unread message
ionut cristian Cucu
Aug 3, 2015, 12:36:26 AM8/3/15
to ChicagoBoss
Hi folks!
I'm trying to enable ssl on my nifty cb site and I've followed the instructions from here: https://github.com/ChicagoBoss/ChicagoBoss/wiki/Https-example-setup
but I get connection reset on client and server says:
[error] Ranch listener boss_https_listener had connection process started with cowboy_protocol:start_link/4 at <0.366.0> exit with reason:
{{keyfile,{badmatch,[]}},[{ranch_ssl,accept_ack,2,[{file,"src/ranch_ssl.erl"},{line,115}]},{cowboy_protocol,init,4,[{file,"src/cowboy_protocol.erl"},{line,91}]}]}
The ssl keys are in project directory ssl and are self signed and I've changed ./deps/boss/priv/rebar/boss_rebal.erl line 178 to:
io:format("~s -pa ~s -boss developing_app ~s -boot start_sasl -config boss ~s -s reloader -s lager -s inets -s ssl -s boss ~s~s~n",
any ideas what I'm doing wrong?
Thank you for your help
I'm trying to enable ssl on my nifty cb site and I've followed the instructions from here: https://github.com/ChicagoBoss/ChicagoBoss/wiki/Https-example-setup
but I get connection reset on client and server says:
[error] Ranch listener boss_https_listener had connection process started with cowboy_protocol:start_link/4 at <0.366.0> exit with reason:
{{keyfile,{badmatch,[]}},[{ranch_ssl,accept_ack,2,[{file,"src/ranch_ssl.erl"},{line,115}]},{cowboy_protocol,init,4,[{file,"src/cowboy_protocol.erl"},{line,91}]}]}
The ssl keys are in project directory ssl and are self signed and I've changed ./deps/boss/priv/rebar/boss_rebal.erl line 178 to:
io:format("~s -pa ~s -boss developing_app ~s -boot start_sasl -config boss ~s -s reloader -s lager -s inets -s ssl -s boss ~s~s~n",
any ideas what I'm doing wrong?
Thank you for your help
can2nac
Aug 3, 2015, 10:26:56 AM8/3/15
to ChicagoBoss
post related boss.config file part
ionut cristian Cucu
Aug 3, 2015, 10:52:30 AM8/3/15
to ChicagoBoss
%% ssl_enable - Enable HTTP over SSL
%% ssl_options - SSL options; see ssl(3erl)
{ssl_enable, true},
{ssl_options, [
{cacertfile, "ssl/cacert.pem"},
{certfile, "ssl/newcert.pem"},
{verify, verify_peer},
{fail_if_no_peer_cert, false}
]},
{dummy, true} % a final dummy option so we don't have to keep track of commas
]},
%% ssl_options - SSL options; see ssl(3erl)
{ssl_enable, true},
{ssl_options, [
{cacertfile, "ssl/cacert.pem"},
{certfile, "ssl/newcert.pem"},
{verify, verify_peer},
{fail_if_no_peer_cert, false}
]},
{dummy, true} % a final dummy option so we don't have to keep track of commas
]},
ionut cristian Cucu
Aug 4, 2015, 11:59:54 AM8/4/15
to ChicagoBoss
I forgot to mention changing cowboy to mochiweb I get :
CRASH REPORT Process <0.177.0> with 0 neighbours exited with reason: {error,accept_failed} in mochiweb_acceptor:init/3 line 33
18:56:29.529 [error] {mochiweb_socket_server,295,{acceptor_error,{error,accept_failed}}}
on the server side and the same connection reset on firefox and SSL_ERRR on chrome
CRASH REPORT Process <0.177.0> with 0 neighbours exited with reason: {error,accept_failed} in mochiweb_acceptor:init/3 line 33
18:56:29.529 [error] {mochiweb_socket_server,295,{acceptor_error,{error,accept_failed}}}
on the server side and the same connection reset on firefox and SSL_ERRR on chrome
ionut cristian Cucu
Aug 4, 2015, 12:12:17 PM8/4/15
to ChicagoBoss
sorry for the noise seems I've forgot a hole line the keyfile line; now I've added that line but I get
start_link/4 at <0.355.0> exit with reason: {{keyfile,{badmatch,{error,{asn1,{invalid_length,6}}}}},[{ranch_ssl,accept_ack,2,[{file,"src/ranch_ssl.erl"},{line,115}]},{cowboy_protocol,init,4,[{file,"src/cowboy_protocol.erl"},{line,91}]}]
and similar with mochiweb
start_link/4 at <0.355.0> exit with reason: {{keyfile,{badmatch,{error,{asn1,{invalid_length,6}}}}},[{ranch_ssl,accept_ack,2,[{file,"src/ranch_ssl.erl"},{line,115}]},{cowboy_protocol,init,4,[{file,"src/cowboy_protocol.erl"},{line,91}]}]
and similar with mochiweb
can2nac
Aug 4, 2015, 3:33:32 PM8/4/15
to ChicagoBoss
might be a problem with your keyfile. Try to verify all of them https://unix.stackexchange.com/questions/16226/how-can-i-verify-ssl-certificates-on-the-command-line
ionut cristian Cucu
Aug 5, 2015, 12:20:06 PM8/5/15
to ChicagoBoss
On Tuesday, August 4, 2015 at 10:33:32 PM UTC+3, can2nac wrote:
might be a problem with your keyfile. Try to verify all of them https://unix.stackexchange.com/questions/16226/how-can-i-verify-ssl-certificates-on-the-command-line
I've tried:
openssl verify cacert.pem gives
error 18 at 0 depth lookup:self signed certificate
OK
so when I'm trying to verify for a self signed pem like so:
openssl verify -CAfile cacert.pem cacert.pem
it gives cacert.pem: OK
I've tried to get an openssl cert but I have no domain name :)
openssl verify cacert.pem gives
error 18 at 0 depth lookup:self signed certificate
OK
so when I'm trying to verify for a self signed pem like so:
openssl verify -CAfile cacert.pem cacert.pem
it gives cacert.pem: OK
I've tried to get an openssl cert but I have no domain name :)
Reply all
Reply to author
Forward
0 new messages