<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML>
<HEAD>
<TITLE> [99s-extend] ssl_hello_world
</TITLE>
<LINK REL="Index" HREF="index.html" >
<LINK REL="made" HREF="mailto:extend%40lists.ninenines.eu?Subject=Re%3A%20%5B99s-extend%5D%20ssl_hello_world&In-Reply-To=%3C5347D8C7.8020906%40ninenines.eu%3E">
<META NAME="robots" CONTENT="index,nofollow">
<style type="text/css">
pre {
white-space: pre-wrap; /* css-2.1, curent FF, Opera, Safari */
}
</style>
<META http-equiv="Content-Type" content="text/html; charset=us-ascii">
<LINK REL="Previous" HREF="000370.html">
<LINK REL="Next" HREF="000372.html">
</HEAD>
<BODY BGCOLOR="#ffffff">
<H1>[99s-extend] ssl_hello_world</H1>
<B>Loïc Hoguin</B>
<A HREF="mailto:extend%40lists.ninenines.eu?Subject=Re%3A%20%5B99s-extend%5D%20ssl_hello_world&In-Reply-To=%3C5347D8C7.8020906%40ninenines.eu%3E"
TITLE="[99s-extend] ssl_hello_world">essen at ninenines.eu
</A><BR>
<I>Fri Apr 11 13:57:59 CEST 2014</I>
<P><UL>
<LI>Previous message: <A HREF="000370.html">[99s-extend] ssl_hello_world
</A></li>
<LI>Next message: <A HREF="000372.html">[99s-extend] ssl
</A></li>
<LI> <B>Messages sorted by:</B>
<a href="date.html#371">[ date ]</a>
<a href="thread.html#371">[ thread ]</a>
<a href="subject.html#371">[ subject ]</a>
<a href="author.html#371">[ author ]</a>
</LI>
</UL>
<HR>
<!--beginarticle-->
<PRE>It's tested on ArchLinux from R15B01 to master so that's unrelated to
the Erlang version.
On 04/11/2014 01:48 PM, Samir Sow wrote:
><i> Thx.
</I>><i>
</I>><i> On which OS + Erlang version is the server running ?
</I>><i>
</I>><i> Samir
</I>><i> On 11 avr. 2014, at 13:41, Loïc Hoguin <<A HREF="https://lists.ninenines.eu/listinfo/extend">essen at ninenines.eu</A>> wrote:
</I>><i>
</I>>><i> This is the successful output I get. You should try to see why yours is different, perhaps someone somewhere ran into the same issue at some point. Note that the --cacert option isn't needed and basically makes no difference.
</I>>><i>
</I>>><i>
</I>>><i> % curl -ikvv <A HREF="https://localhost:8443">https://localhost:8443</A>
</I>>><i> * Rebuilt URL to: <A HREF="https://localhost:8443/">https://localhost:8443/</A>
</I>>><i> * Hostname was NOT found in DNS cache
</I>>><i> * Trying 127.0.0.1...
</I>>><i> * Connected to localhost (127.0.0.1) port 8443 (#0)
</I>>><i> * successfully set certificate verify locations:
</I>>><i> * CAfile: /etc/ssl/certs/ca-certificates.crt
</I>>><i> CApath: none
</I>>><i> * SSLv3, TLS handshake, Client hello (1):
</I>>><i> * SSLv3, TLS handshake, Server hello (2):
</I>>><i> * SSLv3, TLS handshake, CERT (11):
</I>>><i> * SSLv3, TLS handshake, Server key exchange (12):
</I>>><i> * SSLv3, TLS handshake, Server finished (14):
</I>>><i> * SSLv3, TLS handshake, Client key exchange (16):
</I>>><i> * SSLv3, TLS change cipher, Client hello (1):
</I>>><i> * SSLv3, TLS handshake, Finished (20):
</I>>><i> * SSLv3, TLS change cipher, Client hello (1):
</I>>><i> * SSLv3, TLS handshake, Finished (20):
</I>>><i> * SSL connection using ECDHE-RSA-AES256-SHA384
</I>>><i> * Server certificate:
</I>>><i> * subject: C=US; ST=Texas; O=Nine Nines; OU=Cowboy; CN=localhost
</I>>><i> * start date: 2013-02-28 05:23:34 GMT
</I>>><i> * expire date: 2033-02-23 05:23:34 GMT
</I>>><i> * issuer: C=US; ST=Texas; O=Nine Nines; OU=Cowboy; CN=ROOT CA
</I>>><i> * SSL certificate verify result: self signed certificate in certificate chain (19), continuing anyway.
</I>>>><i> GET / HTTP/1.1
</I>>>><i> User-Agent: curl/7.35.0
</I>>>><i> Host: localhost:8443
</I>>>><i> Accept: */*
</I>>>><i>
</I>>><i> < HTTP/1.1 200 OK
</I>>><i> HTTP/1.1 200 OK
</I>>><i> < connection: keep-alive
</I>>><i> connection: keep-alive
</I>>><i> * Server Cowboy is not blacklisted
</I>>><i> < server: Cowboy
</I>>><i> server: Cowboy
</I>>><i> < date: Fri, 11 Apr 2014 11:30:03 GMT
</I>>><i> date: Fri, 11 Apr 2014 11:30:03 GMT
</I>>><i> < content-length: 12
</I>>><i> content-length: 12
</I>>><i> < content-type: text/plain
</I>>><i> content-type: text/plain
</I>>><i>
</I>>><i> <
</I>>><i>
</I>>><i>
</I>>><i> On 04/11/2014 01:25 PM, Samir Sow wrote:
</I>>>><i> Thx.
</I>>>><i>
</I>>>><i> Same error …
</I>>>><i> Openssl s_client does not work either.
</I>>>><i> the server does not answer to ClientHello …
</I>>>><i>
</I>>>><i> Samir
</I>>>><i>
</I>>>><i> On 11 avr. 2014, at 13:18, Loïc Hoguin <<A HREF="https://lists.ninenines.eu/listinfo/extend">essen at ninenines.eu</A>> wrote:
</I>>>><i>
</I>>>>><i> The certificate in the SSL example is self-generated, try curl with the --insecure option.
</I>>>>><i>
</I>>>>><i> On 04/11/2014 12:39 PM, Samir Sow wrote:
</I>>>>>><i> Hi,
</I>>>>>><i>
</I>>>>>><i> Still struggling to make ssl work.
</I>>>>>><i>
</I>>>>>><i> I downloaded the example ssl_hello_world.
</I>>>>>><i> Upon execution : i get the following error with curl
</I>>>>>><i>
</I>>>>>><i> About to connect() to localhost port 8443 (#0)
</I>>>>>><i> * Trying ::1... Connexion refusée
</I>>>>>><i> * Trying 127.0.0.1... connected
</I>>>>>><i> * Connected to localhost (127.0.0.1) port 8443 (#0)
</I>>>>>><i> * Initializing NSS with certpath: sql:/etc/pki/nssdb
</I>>>>>><i> * NSS error -8018
</I>>>>>><i> * Closing connection #0
</I>>>>>><i> * Problem with the SSL CA cert (path? access rights?)
</I>>>>>><i> curl: (77) Problem with the SSL CA cert (path? access rights?)
</I>>>>>><i>
</I>>>>>><i>
</I>>>>>><i> cmd = curl -vv --cacert priv/cert/cowboy-ca.crt -i <A HREF="https://localhost:8443/">https://localhost:8443/</A>
</I>>>>>><i>
</I>>>>>><i> cacert path checked.
</I>>>>>><i> read permission checked
</I>>>>>><i>
</I>>>>>><i> I’ve tested with a browser and get a connection error.
</I>>>>>><i>
</I>>>>>><i> Any clue ?
</I>>>>>><i>
</I>>>>>><i> Samir
</I>>>>>><i>
</I>>>>>><i>
</I>>>>>><i> _______________________________________________
</I>>>>>><i> Extend mailing list
</I>>>>>><i> <A HREF="https://lists.ninenines.eu/listinfo/extend">Extend at lists.ninenines.eu</A>
</I>>>>>><i> <A HREF="https://lists.ninenines.eu/listinfo/extend">https://lists.ninenines.eu/listinfo/extend</A>
</I>>>>>><i>
</I>>>>><i>
</I>>>>><i> --
</I>>>>><i> Loïc Hoguin
</I>>>>><i> <A HREF="http://ninenines.eu">http://ninenines.eu</A>
</I>>>><i>
</I>>><i>
</I>>><i> --
</I>>><i> Loïc Hoguin
</I>>><i> <A HREF="http://ninenines.eu">http://ninenines.eu</A>
</I>><i>
</I>
--
Loïc Hoguin
<A HREF="http://ninenines.eu">http://ninenines.eu</A>
</PRE>
<!--endarticle-->
<HR>
<P><UL>
<!--threads-->
<LI>Previous message: <A HREF="000370.html">[99s-extend] ssl_hello_world
</A></li>
<LI>Next message: <A HREF="000372.html">[99s-extend] ssl
</A></li>
<LI> <B>Messages sorted by:</B>
<a href="date.html#371">[ date ]</a>
<a href="thread.html#371">[ thread ]</a>
<a href="subject.html#371">[ subject ]</a>
<a href="author.html#371">[ author ]</a>
</LI>
</UL>
<hr>
<a href="https://lists.ninenines.eu/listinfo/extend">More information about the Extend
mailing list</a><br>
</body></html>
