Thanks for your help. Things are not as straightforward as I expected ... Nicolas -
2014-01-30 <[email protected]>: > well, it was long ago. I rechecked and found that ssl does not work with > mochiweb. I don't know why. Switching to cowboy helps. Setting nginx as a > frontend that handles ssl helps too. My config is pretty much the same as > doc recommends - > https://github.com/ChicagoBoss/ChicagoBoss/wiki/Https-example-setup > > On Thursday, January 30, 2014 12:43:15 PM UTC+4, Nicolas Michel wrote: >> >> Hi, >> >> 2014-01-29 <[email protected]>: >> >> both browser and wget cause errors on CA check. May be the ca-cert file >>> is corrupted or unreadable (e.g. because of permissions) or something like >>> that. >>> >> >> This is why I find strange that I managed to get the page with wget and >> not with the browser. At the SSL level things are supposed to behave >> roughly the same way ... >> >> >>> I used CA.pl script (part of openssl) to create self-signed certs (ca >>> and server) and it worked ok. Yes, the browser complained first for unknown >>> CA, but after pressing 'proceed anyway' everything was good. And after >>> importing ca-cert file into the browser, it worked smooth and quiet. >>> It was for version 0.8.7 >>> >> >> I'm using CB 0.8.5 >> I'll try with CA.pl script. What does the SSL part of boss.config look >> like in a working config ? >> Many thanks >> >> Regards, >> >> Nicolas - >> >> >> >>> -- >>> Best wishes, >>> >>> On Wednesday, January 29, 2014 8:55:10 PM UTC+4, Nicolas Michel wrote: >>> >>>> Hi Igor, >>>> >>>> >>>> 2014-01-28 Igor Clark <[email protected]> >>>> >>>> Hi Nicolas, when you say "the browser fails", what message does it >>>>> give? Is it warning that the certificate is self-signed? If so, you won't >>>>> be able to get round that (to my knowledge), as that's built in to the >>>>> browser. >>>>> >>>> >>>> Here is what I get with Firefox (26.0): >>>> >>>> The key does not support the requested operation. >>>> (Error code: sec_error_invalid_key) >>>> >>>> It's the same if I try to manually add a Security Exception for my >>>> server (I read something about that somewhere ...). >>>> >>>> >>>>> But, if that is the only error, then it sounds like it's set up >>>>> correctly, and when you add a "real" (externally-signed) certificate to >>>>> the >>>>> configuration, it should work. >>>>> >>>> >>>> I hope :) >>>> I'm still wondering how do other people to test their stuff, without >>>> having to request a real certificate. It leaves me with the feeling I'm >>>> missing something important. >>>> I must be totally out the right path ... >>>> >>>> Thank you for your help. >>>> >>>> Best regards, >>>> >>>> Nicolas - >>>> >>>> >>>>> >>>>> Cheers, >>>>> Igor >>>>> >>>>> >>>>> On Tuesday, January 28, 2014 8:47:21 AM UTC-5, Nicolas Michel wrote: >>>>> >>>>>> Hi Igor, >>>>>> >>>>>> I made some tests with ssl, and I managed to establish a secured >>>>>> connection between a server and a client, each one running in its own erl >>>>>> instance, using a self-signed certificate. >>>>>> >>>>>> Encouraged by this humble success, I updated my boss.config file as >>>>>> following : >>>>>> >>>>>> ... >>>>>> {ssl_enable, true}, >>>>>> {ssl_options, [ >>>>>> {keyfile, "ssl/server.key"}, >>>>>> {certfile, "ssl/server.crt"} >>>>>> ]} >>>>>> ... >>>>>> >>>>>> I'm experiencing something strange : using wget >>>>>> --no-check-certificate "https:..." I successfully downloaded the secured >>>>>> URL. >>>>>> But when I'm trying to browse the same URL, the browser fails. I >>>>>> tried with firefox and chrome. >>>>>> >>>>>> Do you have any idea ? >>>>>> Thanks for your help, I really appreciate. >>>>>> >>>>>> Regards, >>>>>> >>>>>> nicolas - >>>>>> >>>>>> >>>>>> >>>>>> 2014-01-27 Igor Clark <[email protected]> >>>>>> >>>>>>> Hi Nicolas, I haven't set up CB with SSL before but if it's >>>>>>> complaining about "unknown CA" on a self-signed cert I wonder if you >>>>>>> need >>>>>>> to somehow tell the library not to worry about the CA, as it's >>>>>>> self-signed? >>>>>>> >>>>>>> Failing that, if it's really urgent, you could try using nginx to >>>>>>> terminate SSL and proxy to your CB instance. I've done this, including >>>>>>> proxying websockets, and it worked very well. >>>>>>> >>>>>>> Cheers >>>>>>> Igor >>>>>>> >>>>>>> >>>>>>> On Monday, January 27, 2014 4:08:34 AM UTC-5, Nicolas Michel wrote: >>>>>>> >>>>>>>> Hi, >>>>>>>> >>>>>>>> No idea about my question ? >>>>>>>> I'm really stuck because being over HTTPS is a strong requirement >>>>>>>> for the app I'm working on to go live ... >>>>>>>> Do my troubles come from the usage of a self-signed certificate ? >>>>>>>> >>>>>>>> Many thanks, >>>>>>>> >>>>>>>> Nicolas - >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> 2014-01-21 Nicolas Michel <[email protected]> >>>>>>>> >>>>>>>>> Hi, >>>>>>>>> >>>>>>>>> I followed your advice, and I tried to used an earlier version of >>>>>>>>> the tutorial. >>>>>>>>> It still does not work. >>>>>>>>> Here is what I get when I try to connect using https: >>>>>>>>> >>>>>>>>> (xxx@xxx)1> 21:29:53.661 [error] SSL: certify: >>>>>>>>> tls_connection.erl:2275:Fatal error: unknown ca >>>>>>>>> >>>>>>>>> 21:29:53.665 [error] application: mochiweb, "Accept failed error", >>>>>>>>> "{error,{tls_alert,\"unknown ca\"}}" >>>>>>>>> 21:29:53.668 [error] CRASH REPORT Process <0.162.0> with 0 >>>>>>>>> neighbours exited with reason: {error,accept_failed} in >>>>>>>>> mochiweb_acceptor:init/3 line 33 >>>>>>>>> 21:29:53.671 [error] {mochiweb_socket_server,297,{a >>>>>>>>> cceptor_error,{error,accept_failed}}} >>>>>>>>> >>>>>>>>> As stated in the tutorial, it uses a self-signed certificate, so I >>>>>>>>> do not understand the "unknown ca" error. >>>>>>>>> >>>>>>>>> Any clue ? >>>>>>>>> Does anybody have managed to setup a HTTPS configuration ? >>>>>>>>> >>>>>>>>> Many thanks, >>>>>>>>> >>>>>>>>> Nicolas - >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> 2014/1/21 Kai Janson <[email protected]> >>>>>>>>> >>>>>>>>>> Take a look at the history of the file. The newer write up has >>>>>>>>>> some issues. >>>>>>>>>> >>>>>>>>>> Sent from my non-google-device >>>>>>>>>> >>>>>>>>>> On Jan 21, 2014, at 11:54 AM, Nicolas Michel < >>>>>>>>>> [email protected]> wrote: >>>>>>>>>> >>>>>>>>>> Hi, >>>>>>>>>> >>>>>>>>>> I have a CB app which works fine in clear HTTP. >>>>>>>>>> But I need to make it work with HTTPS. >>>>>>>>>> I followed the recipe (copy/paste) I found here : >>>>>>>>>> >>>>>>>>>> https://github.com/ChicagoBoss/ChicagoBoss/wiki/Https-exampl >>>>>>>>>> e-setup >>>>>>>>>> >>>>>>>>>> But it does not work. I've the following error : >>>>>>>>>> >>>>>>>>>> 17:52:33.010 [error] application: mochiweb, "Accept failed >>>>>>>>>> error", "{error,{keyfile,{badmatch,{er >>>>>>>>>> ror,{asn1,{invalid_length,6}}}}}}" >>>>>>>>>> 17:52:33.012 [error] CRASH REPORT Process <0.162.0> with 0 >>>>>>>>>> neighbours exited with reason: {error,accept_failed} in >>>>>>>>>> mochiweb_acceptor:init/3 line 33 >>>>>>>>>> 17:52:33.014 [error] {mochiweb_socket_server,295,{a >>>>>>>>>> cceptor_error,{error,accept_failed}}} >>>>>>>>>> 17:52:33.016 [error] application: mochiweb, "Accept failed >>>>>>>>>> error", "{error,{keyfile,{badmatch,{er >>>>>>>>>> ror,{asn1,{invalid_length,6}}}}}}" >>>>>>>>>> 17:52:33.017 [error] CRASH REPORT Process <0.163.0> with 0 >>>>>>>>>> neighbours exited with reason: {error,accept_failed} in >>>>>>>>>> mochiweb_acceptor:init/3 line 33 >>>>>>>>>> 17:52:33.018 [error] application: mochiweb, "Accept failed >>>>>>>>>> error", "{error,{keyfile,{badmatch,{er >>>>>>>>>> ror,{asn1,{invalid_length,6}}}}}}" >>>>>>>>>> 17:52:33.019 [error] CRASH REPORT Process <0.164.0> with 0 >>>>>>>>>> neighbours exited with reason: {error,accept_failed} in >>>>>>>>>> mochiweb_acceptor:init/3 line 33 >>>>>>>>>> 17:52:33.022 [error] application: mochiweb, "Accept failed >>>>>>>>>> error", "{error,{keyfile,{badmatch,{er >>>>>>>>>> ror,{asn1,{invalid_length,6}}}}}}" >>>>>>>>>> 17:52:33.022 [error] CRASH REPORT Process <0.165.0> with 0 >>>>>>>>>> neighbours exited with reason: {error,accept_failed} in >>>>>>>>>> mochiweb_acceptor:init/3 line 33 >>>>>>>>>> 17:52:33.111 [error] {mochiweb_socket_server,295,{a >>>>>>>>>> cceptor_error,{error,accept_failed}}} >>>>>>>>>> 17:52:33.212 [error] {mochiweb_socket_server,295,{a >>>>>>>>>> cceptor_error,{error,accept_failed}}} >>>>>>>>>> 17:52:33.313 [error] {mochiweb_socket_server,295,{a >>>>>>>>>> cceptor_error,{error,accept_failed}}} >>>>>>>>>> >>>>>>>>>> Any idea ? >>>>>>>>>> >>>>>>>>>> br >>>>>>>>>> >>>>>>>>>> Nicolas - >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> -- >>>>>>>>>> You received this message because you are subscribed to the >>>>>>>>>> Google Groups "ChicagoBoss" group. >>>>>>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>>>>>> send an email to [email protected]. >>>>>>>>>> >>>>>>>>>> Visit this group at http://groups.google.com/group/chicagoboss. >>>>>>>>>> To view this discussion on the web visit >>>>>>>>>> https://groups.google.com/d/msgid/chicagoboss/CAAQ9oZox__LiO >>>>>>>>>> QPTj3x-ninrbZzhugmG-yZ_pFogr6PBbaHURA%40mail.gmail.com. >>>>>>>>>> For more options, visit https://groups.google.com/groups/opt_out. >>>>>>>>>> >>>>>>>>>> -- >>>>>>>>>> You received this message because you are subscribed to the >>>>>>>>>> Google Groups "ChicagoBoss" group. >>>>>>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>>>>>> send an email to [email protected]. >>>>>>>>>> >>>>>>>>>> Visit this group at http://groups.google.com/group/chicagoboss. >>>>>>>>>> To view this discussion on the web visit >>>>>>>>>> https://groups.google.com/d/msgid/chicagoboss/170066BD-0BD2- >>>>>>>>>> 440C-96BB-78913F778332%40gmail.com. >>>>>>>>>> For more options, visit https://groups.google.com/groups/opt_out. >>>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>> -- >>>>>>> You received this message because you are subscribed to the Google >>>>>>> Groups "ChicagoBoss" group. >>>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>>> send an email to [email protected]. >>>>>>> Visit this group at http://groups.google.com/group/chicagoboss. >>>>>>> To view this discussion on the web visit >>>>>>> https://groups.google.com/d/msgid/chicagoboss/603e000b-7df0- >>>>>>> 4acc-8bf8-c6acf92a0dfb%40googlegroups.com. >>>>>>> >>>>>>> For more options, visit https://groups.google.com/groups/opt_out. >>>>>>> >>>>>> >>>>>> -- >>>>> You received this message because you are subscribed to the Google >>>>> Groups "ChicagoBoss" group. >>>>> To unsubscribe from this group and stop receiving emails from it, send >>>>> an email to [email protected]. >>>>> Visit this group at http://groups.google.com/group/chicagoboss. >>>>> To view this discussion on the web visit https://groups.google.com/d/ >>>>> msgid/chicagoboss/959ea54c-6f12-41ae-bf30-66e1e59acd46%40googl >>>>> egroups.com. >>>>> >>>>> For more options, visit https://groups.google.com/groups/opt_out. >>>>> >>>> >>>> -- >>> You received this message because you are subscribed to the Google >>> Groups "ChicagoBoss" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> Visit this group at http://groups.google.com/group/chicagoboss. >>> To view this discussion on the web visit https://groups.google.com/d/ >>> msgid/chicagoboss/41a4b71a-fb83-43c3-b161-e160ab8f75e6% >>> 40googlegroups.com. >>> >>> For more options, visit https://groups.google.com/groups/opt_out. >>> >> >> -- > You received this message because you are subscribed to the Google Groups > "ChicagoBoss" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > Visit this group at http://groups.google.com/group/chicagoboss. > To view this discussion on the web visit > https://groups.google.com/d/msgid/chicagoboss/abfd493b-5a72-487d-ad50-afb1a059db2e%40googlegroups.com > . > > For more options, visit https://groups.google.com/groups/opt_out. > -- You received this message because you are subscribed to the Google Groups "ChicagoBoss" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. Visit this group at http://groups.google.com/group/chicagoboss. To view this discussion on the web visit https://groups.google.com/d/msgid/chicagoboss/CAAQ9oZrtOMoizb6VRw26sgqyeLyzwDdbTZnJcDbD7u9gvS%3DLGw%40mail.gmail.com. For more options, visit https://groups.google.com/groups/opt_out.
