Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ssl:handshake/3 fails with cert_and_key_required and {handshake, hello} specified #9177

Open
sg2342 opened this issue Dec 11, 2024 · 0 comments
Open

ssl:handshake/3 fails with cert_and_key_required and {handshake, hello} specified #9177

sg2342 opened this issue Dec 11, 2024 · 0 comments
Labels
bug Issue is reported as a bug

Comments

@sg2342
Copy link
Contributor

sg2342 commented Dec 11, 2024

Describe the bug

With 7a07239 ssh:handshake/3 requires cert and key to be present.
It must not require cert and key if {handshake, hello} is set because the actual cert and key to be used might be set later in ssl:handshake_continue/3 based on information returned by ssh:handshake/3 (e.g. the SNI hostname).

To Reproduce

Erlang/OTP 27 [erts-15.1.2] [source] [64-bit] [smp:16:16] [ds:16:16:10] [async-threads:1] [jit:ns] [dtrace] [sharing-preserving]

Eshell V15.1.2 (press Ctrl+G to abort, type help(). for help)
1> ssl:start().
ok
2> {ok, ListenSocket} = gen_tcp:listen(1234, [binary, {active, false}, inet, {reuseaddr, true}]).
{ok,#Port<0.3>}
3> {ok, TcpSocket} = gen_tcp:accept(ListenSocket).
{ok,#Port<0.4>}
4> ssl:handshake(TcpSocket, [{handshake, hello}, {versions, ['tlsv1.3']}], 5000).
{error,{options,{certs_keys,cert_and_key_required}}}

Expected behavior

Erlang/OTP 26 [erts-14.2.5.4] [source] [64-bit] [smp:16:16] [ds:16:16:10] [async-threads:1] [jit:ns] [dtrace] [sharing-preserving]

Eshell V14.2.5.4 (press Ctrl+G to abort, type help(). for help)
1> ssl:start().
ok
2> {ok, ListenSocket} = gen_tcp:listen(1234, [binary, {active, false}, inet, {reuseaddr, true}]).
{ok,#Port<0.3>}
3> {ok, TcpSocket} = gen_tcp:accept(ListenSocket).
{ok,#Port<0.4>}
4> ssl:handshake(TcpSocket, [{handshake, hello}, {versions, ['tlsv1.3']}], 5000).
{ok,{sslsocket,{gen_tcp,#Port<0.4>,tls_connection,
                        [{session_id_tracker,not_relevant}]},
               [<0.120.0>,<0.119.0>]},
    #{cookie => undefined,
      signature_algs =>
          [ecdsa_secp256r1_sha256,ecdsa_secp384r1_sha384,
           ecdsa_secp521r1_sha512,eddsa_ed25519,eddsa_ed448,
           rsa_pss_pss_sha256,rsa_pss_pss_sha384,rsa_pss_pss_sha512,
           rsa_pss_rsae_sha256,rsa_pss_rsae_sha384,rsa_pss_rsae_sha512,
           rsa_pkcs1_sha256,rsa_pkcs1_sha384,rsa_pkcs1_sha512,
           {sha224,ecdsa},
           {sha224,rsa},
           {sha224,dsa},
           {sha256,dsa},
           {sha384,dsa},
           {sha512,dsa}],
      certificate_authorities => undefined,
      signature_algs_cert => undefined,use_srtp => undefined,
      elliptic_curves => [secp256r1],
      client_hello_versions => [{3,4},{3,3},{3,2},{3,1}],
      pre_shared_key => undefined,sni => "foo.example.com",
      key_share =>
          [{key_share_entry,secp256r1,
                            <<4,137,42,64,148,54,117,21,149,209,216,45,111,171,57,
                              51,132,68,246,124,135,...>>}],
      alpn => undefined,
      ec_point_formats => [0,1,2],
      psk_key_exchange_modes => [psk_dhe_ke]}}
5>

Affected versions
OTP-27.2
OTP-27.1.3
OTP-27.1.2
OTP-27.1.1
OTP-27.1
OTP-27.0.1
OTP-27.0
OTP-27.0-rc3
OTP-27.0-rc2
OTP-27.0-rc1

Additional context

Workaround (bogus cert and key):

ssl:handshake(TcpSocket, [{handshake, hello}, {versions, ['tlsv1.3']}, {key, #{algorithm => eddsa, sign_fun => undefined}},{cert, <<>>}}], 5000).
@sg2342 sg2342 added the bug Issue is reported as a bug label Dec 11, 2024
@sg2342 sg2342 changed the title ssl:handshake/3 fails with cert_and_key_required with {handshake, hello} specified ssl:handshake/3 fails with cert_and_key_required and {handshake, hello} specified Dec 11, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Issue is reported as a bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@sg2342