Well, it was long ago. I rechecked and found that SSL does not work with mochiweb. I don't know why. Switching to cowboy helps. Setting nginx as a frontend that handles SSL helps too. My config is pretty much the same as the doc recommends - https://github.com/ChicagoBoss/ChicagoBoss/wiki/Https-example-setup

On Thursday, January 30, 2014 12:43:15 PM UTC+4, Nicolas Michel wrote:
>
> Hi,
>
> 2014-01-29 <[email protected]>:
>
>> both browser and wget cause errors on CA check. Maybe the ca-cert file is corrupted or unreadable (e.g. because of permissions) or something like that.
>
> This is why I find it strange that I managed to get the page with wget and not with the browser. At the SSL level things are supposed to behave roughly the same way ...
>
>> I used CA.pl script (part of openssl) to create self-signed certs (ca and server) and it worked ok. Yes, the browser complained first for unknown CA, but after pressing 'proceed anyway' everything was good. And after importing ca-cert file into the browser, it worked smooth and quiet.
>> It was for version 0.8.7
>
> I'm using CB 0.8.5
> I'll try with CA.pl script. What does the SSL part of boss.config look like in a working config?
> Many thanks
>
> Regards,
>
> Nicolas -
>
>> --
>> Best wishes,
>>
>> On Wednesday, January 29, 2014 8:55:10 PM UTC+4, Nicolas Michel wrote:
>>
>>> Hi Igor,
>>>
>>> 2014-01-28 Igor Clark <[email protected]>
>>>
>>>> Hi Nicolas, when you say "the browser fails", what message does it give? Is it warning that the certificate is self-signed? If so, you won't be able to get round that (to my knowledge), as that's built in to the browser.
>>>
>>> Here is what I get with Firefox (26.0):
>>>
>>> The key does not support the requested operation.
>>> (Error code: sec_error_invalid_key)
>>>
>>> It's the same if I try to manually add a Security Exception for my server (I read something about that somewhere ...).
>>>
>>>> But, if that is the only error, then it sounds like it's set up correctly, and when you add a "real" (externally-signed) certificate to the configuration, it should work.
>>>
>>> I hope :)
>>> I'm still wondering how other people test their stuff, without having to request a real certificate. It leaves me with the feeling I'm missing something important.
>>> I must be totally off the right path ...
>>>
>>> Thank you for your help.
>>>
>>> Best regards,
>>>
>>> Nicolas -
>>>
>>>> Cheers,
>>>> Igor
>>>>
>>>> On Tuesday, January 28, 2014 8:47:21 AM UTC-5, Nicolas Michel wrote:
>>>>
>>>>> Hi Igor,
>>>>>
>>>>> I made some tests with ssl, and I managed to establish a secured connection between a server and a client, each one running in its own erl instance, using a self-signed certificate.
>>>>>
>>>>> Encouraged by this humble success, I updated my boss.config file as follows:
>>>>>
>>>>> ...
>>>>> {ssl_enable, true},
>>>>> {ssl_options, [
>>>>>     {keyfile, "ssl/server.key"},
>>>>>     {certfile, "ssl/server.crt"}
>>>>> ]}
>>>>> ...
>>>>>
>>>>> I'm experiencing something strange: using wget --no-check-certificate "https:..." I successfully downloaded the secured URL.
>>>>> But when I'm trying to browse the same URL, the browser fails. I tried with firefox and chrome.
>>>>>
>>>>> Do you have any idea?
>>>>> Thanks for your help, I really appreciate it.
>>>>>
>>>>> Regards,
>>>>>
>>>>> nicolas -
>>>>>
>>>>> 2014-01-27 Igor Clark <[email protected]>
>>>>>
>>>>>> Hi Nicolas, I haven't set up CB with SSL before but if it's complaining about "unknown CA" on a self-signed cert I wonder if you need to somehow tell the library not to worry about the CA, as it's self-signed?
>>>>>>
>>>>>> Failing that, if it's really urgent, you could try using nginx to terminate SSL and proxy to your CB instance. I've done this, including proxying websockets, and it worked very well.
>>>>>>
>>>>>> Cheers
>>>>>> Igor
>>>>>>
>>>>>> On Monday, January 27, 2014 4:08:34 AM UTC-5, Nicolas Michel wrote:
>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>> No idea about my question?
>>>>>>> I'm really stuck because being over HTTPS is a strong requirement for the app I'm working on to go live ...
>>>>>>> Do my troubles come from the usage of a self-signed certificate?
>>>>>>>
>>>>>>> Many thanks,
>>>>>>>
>>>>>>> Nicolas -
>>>>>>>
>>>>>>> 2014-01-21 Nicolas Michel <[email protected]>
>>>>>>>
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>> I followed your advice, and I tried to use an earlier version of the tutorial.
>>>>>>>> It still does not work.
>>>>>>>> Here is what I get when I try to connect using https:
>>>>>>>>
>>>>>>>> (xxx@xxx)1> 21:29:53.661 [error] SSL: certify: tls_connection.erl:2275:Fatal error: unknown ca
>>>>>>>>
>>>>>>>> 21:29:53.665 [error] application: mochiweb, "Accept failed error", "{error,{tls_alert,\"unknown ca\"}}"
>>>>>>>> 21:29:53.668 [error] CRASH REPORT Process <0.162.0> with 0 neighbours exited with reason: {error,accept_failed} in mochiweb_acceptor:init/3 line 33
>>>>>>>> 21:29:53.671 [error] {mochiweb_socket_server,297,{acceptor_error,{error,accept_failed}}}
>>>>>>>>
>>>>>>>> As stated in the tutorial, it uses a self-signed certificate, so I do not understand the "unknown ca" error.
>>>>>>>>
>>>>>>>> Any clue?
>>>>>>>> Has anybody managed to set up an HTTPS configuration?
>>>>>>>>
>>>>>>>> Many thanks,
>>>>>>>>
>>>>>>>> Nicolas -
>>>>>>>>
>>>>>>>> 2014/1/21 Kai Janson <[email protected]>
>>>>>>>>
>>>>>>>>> Take a look at the history of the file. The newer write up has some issues.
>>>>>>>>>
>>>>>>>>> Sent from my non-google-device
>>>>>>>>>
>>>>>>>>> On Jan 21, 2014, at 11:54 AM, Nicolas Michel <[email protected]> wrote:
>>>>>>>>>
>>>>>>>>> Hi,
>>>>>>>>>
>>>>>>>>> I have a CB app which works fine in clear HTTP.
>>>>>>>>> But I need to make it work with HTTPS.
>>>>>>>>> I followed the recipe (copy/paste) I found here:
>>>>>>>>>
>>>>>>>>> https://github.com/ChicagoBoss/ChicagoBoss/wiki/Https-example-setup
>>>>>>>>>
>>>>>>>>> But it does not work. I have the following error:
>>>>>>>>>
>>>>>>>>> 17:52:33.010 [error] application: mochiweb, "Accept failed error", "{error,{keyfile,{badmatch,{error,{asn1,{invalid_length,6}}}}}}"
>>>>>>>>> 17:52:33.012 [error] CRASH REPORT Process <0.162.0> with 0 neighbours exited with reason: {error,accept_failed} in mochiweb_acceptor:init/3 line 33
>>>>>>>>> 17:52:33.014 [error] {mochiweb_socket_server,295,{acceptor_error,{error,accept_failed}}}
>>>>>>>>> 17:52:33.016 [error] application: mochiweb, "Accept failed error", "{error,{keyfile,{badmatch,{error,{asn1,{invalid_length,6}}}}}}"
>>>>>>>>> 17:52:33.017 [error] CRASH REPORT Process <0.163.0> with 0 neighbours exited with reason: {error,accept_failed} in mochiweb_acceptor:init/3 line 33
>>>>>>>>> 17:52:33.018 [error] application: mochiweb, "Accept failed error", "{error,{keyfile,{badmatch,{error,{asn1,{invalid_length,6}}}}}}"
>>>>>>>>> 17:52:33.019 [error] CRASH REPORT Process <0.164.0> with 0 neighbours exited with reason: {error,accept_failed} in mochiweb_acceptor:init/3 line 33
>>>>>>>>> 17:52:33.022 [error] application: mochiweb, "Accept failed error", "{error,{keyfile,{badmatch,{error,{asn1,{invalid_length,6}}}}}}"
>>>>>>>>> 17:52:33.022 [error] CRASH REPORT Process <0.165.0> with 0 neighbours exited with reason: {error,accept_failed} in mochiweb_acceptor:init/3 line 33
>>>>>>>>> 17:52:33.111 [error] {mochiweb_socket_server,295,{acceptor_error,{error,accept_failed}}}
>>>>>>>>> 17:52:33.212 [error] {mochiweb_socket_server,295,{acceptor_error,{error,accept_failed}}}
>>>>>>>>> 17:52:33.313 [error] {mochiweb_socket_server,295,{acceptor_error,{error,accept_failed}}}
>>>>>>>>>
>>>>>>>>> Any idea?
>>>>>>>>>
>>>>>>>>> br
>>>>>>>>>
>>>>>>>>> Nicolas -
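
Added example (not from the thread or from the ChicagoBoss project): a pre-flight check for the files that ssl_options points at, covering the conditions raised in the thread above: unreadable files, a key or certificate that does not parse, a key that does not belong to the certificate, and a certificate that does not chain to the CA file. The function name tls_preflight and its return codes are assumptions of this example, and it needs the openssl command-line tool.

```shell
#!/bin/sh
# Added example: pre-flight check for the PEM files named in ssl_options.
# Return codes (chosen for this example, not an openssl convention):
#   0 ok                     1 a file is unreadable
#   2 key does not parse     3 certificate does not parse
#   4 key/cert mismatch      5 certificate does not chain to the CA file
tls_preflight() {
    pf_key=$1
    pf_cert=$2
    pf_ca=${3:-}

    # Readability first: a permissions problem looks like corruption later on.
    for pf_f in "$pf_key" "$pf_cert" ${pf_ca:+"$pf_ca"}; do
        [ -r "$pf_f" ] || { echo "unreadable: $pf_f" >&2; return 1; }
    done

    # The quoted ssl_options sets no password, so the key must load without
    # one. The empty -passin makes an encrypted key fail instead of prompting.
    openssl pkey -in "$pf_key" -passin pass: -noout 2>/dev/null \
        || { echo "key does not parse as unencrypted PEM: $pf_key" >&2; return 2; }

    openssl x509 -in "$pf_cert" -noout 2>/dev/null \
        || { echo "certificate does not parse: $pf_cert" >&2; return 3; }

    # The certificate must carry the public half of the private key.
    pf_kpub=$(openssl pkey -in "$pf_key" -passin pass: -pubout 2>/dev/null)
    pf_cpub=$(openssl x509 -in "$pf_cert" -noout -pubkey 2>/dev/null)
    [ "$pf_kpub" = "$pf_cpub" ] \
        || { echo "key and certificate do not match" >&2; return 4; }

    # Optional: the chain check a client performs once it trusts the CA file.
    if [ -n "$pf_ca" ]; then
        openssl verify -CAfile "$pf_ca" "$pf_cert" >/dev/null 2>&1 \
            || { echo "certificate does not chain to $pf_ca" >&2; return 5; }
    fi
    return 0
}

# Stand-alone use: sh tls_preflight.sh ssl/server.key ssl/server.crt [ca.crt]
if [ "$#" -ge 2 ]; then
    tls_preflight "$@"
fi
```

For a self-signed server certificate, pass the certificate itself as the third argument.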
