Comments (7)
I'm not too good with Elixir I have to admit...
Neither am I, so this is a bit like donkeys discussing the best way to lay an egg (if that is a saying outside of Germany) ^^;;;
There is a test in the
acceptor_SUITE
for upgrading,ssl_upgrade_from_tcp
, you may want to examine it and thessl_upgrade_protocol
it uses for reference.
The test case and associated protocol are entirely working in {active, false}
mode, so there is no explicit setting the socket(s) to {active, false}
, in case you're wondering.
gen_smtp
uses ranch and does TCP-to-SSL upgrading, too, here (around line 703). It generally puts the socket in {active, once}
mode when it expects a command from the client, and the client does the same whenever it expects a response from the server, so after receiving a command or response, their sockets are automatically put in {active, false}
mode.
- client and server use a plain TCP connection, server has it's
active
set toonce
, client has it'sactive
set tofalse
- client sends STARTTLS and sets it's
active
toonce
- server receives STARTTLS (it's
active
goes tofalse
), sends 220 OK and does not set it'sactive
back toonce
(!) but callsranch_ssl:handshake
- client receives 220 OK (it's
active
goes tofalse
), and callsssl:handshake
- when the handshake has been performed, the server sets it's
active
toonce
again so it can receive commands from the client on the upgraded socket
from ranch.
I'm not too good with Elixir I have to admit... but I'll try ;) Are you having problems during the upgrade (handshake), or afterwards? Because I think you may just have to update the transport in your state from ranch_tcp
to ranch_ssl
(it is not a plain TCP connection any more then, it is SSL) after the upgrade, which I can't see in your file.
from ranch.
The two main differences for this bit to help:
- Variables are lowercase instead of Uppercase for the first letter
- Atoms are a colon and a word instead of just lowercase
I believe it's during it. The result of the code flow is I get (in erlang terms) {error, timeout}
. The case statement is expecting {ok, NewSocket}
and doesn't get it hence my assumption of during the handshake. The setting the socket to be active happens after the handshake finishes (in this case, it doesn't happen).
from ranch.
- Variables are lowercase instead of Uppercase for the first letter
- Atoms are a colon and a word instead of just lowercase
I know ;) And if that was all there was to it... j/k, to business ;)
I believe it's during it. The result of the code flow is I get (in erlang terms)
{error, timeout}
. The case statement is expecting{ok, NewSocket}
and doesn't get it hence my assumption of during the handshake. The setting the socket to be active happens after the handshake finishes (in this case, it doesn't happen).
Hm in that case it may be that the client is not performing his side of the upgrade properly? I also believe that the client socket has to be in {active, false}
mode before attempting his side of the upgrade, otherwise the SSL handshake packet from the server will be "eaten" (same reason why you have to do that on the server side), so maybe that is it?
In any case, ranch_ssl:handshake/3
is more or less just a wrapper around ssl:ssl_accept/3
in ranch 1.7, or ssl:handshake/3
in ranch 2.x (btw, ssl:ssl_accept/3
is removed in OTP/24, so ranch 1.7 will not work with it, see #314). There is no ranch-magic happening.
There is a test in the acceptor_SUITE
for upgrading, ssl_upgrade_from_tcp
, you may want to examine it and the ssl_upgrade_protocol
it uses for reference.
from ranch.
The client application already has this functionality in place and to my understanding works correctly.
Thank you for your response, I think it'll point me in the right direction. In particular the test suite. I'll post here if I have further issues and post + close if I resolve it :)
from ranch.
Thank you both for your help (and the new saying, that is quite honestly fantastic).
The issue was I upgrading the connection and subsequently not changing the socket and transport held by the state, thus it was trying to interact with a ranch_tcp rather than ranch_ssl.
I'm completely happy for you to mark this issue as resolved if you want to.
from ranch.
Cheers.
from ranch.
Related Issues (20)
- Supervisor protocol process cannot be stopped when connection is closed (connection_type=supervisor). HOT 15
- Upgrading from 1.4 to 2.0 HOT 5
- Release Ranch 1.8 that is compatible with OTP-24 HOT 15
- Add hex metadata to Ranch master HOT 1
- Add a function that converts from ProxyInfo to ssl:connection_information/1 return value HOT 2
- using gen_tcp new interface inet_backend socket cann't listen multiple sockets in one port HOT 6
- remove the socket file before the listen and change_mode the socket file right after listen HOT 14
- Update appup for 2.1.0 HOT 3
- Proxy protocol unique ID TLV type HOT 1
- The user guide links on the README are broken HOT 1
- Password should be blanked instead of logged on error HOT 1
- TLS 1.3 connection with client verification always successful HOT 1
- ranch:handshake(Ref) silently drops invalid TLS connections in ranch_ssl via exit(normal) HOT 17
- Questions about "gen_tcp:accept/2" and "num_acceptors" HOT 2
- ranch:stop_listener/1 throws error HOT 2
- {error, no_cert} with `certs_keys` from OTP 25 HOT 8
- Issue when using DTLS HOT 6
- Minor: ranch_ssl:listen can return non-atom error reasons HOT 2
- Restart issues found when upgrading 1.8 -> 2.1.0 HOT 8
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from ranch.