Michal Suchanek
3/16/2009 6:02:00 PM
2009/3/15 Erick Cantwell <ecantwell@bluehost.com>:
> I have been working with the SSLServer class in Ruby and have run across
> a problem that I cannot get my head around:
>
> My basic server application accepts and handles SSL connections as it
> should (or as I think it should), but when I use telnet (non-SSL
> encrypted) the server crashes.
>
> I immediately assumed that there was a problem in my code so I began
> stripping it down to the bare minimum required. However, when this did
> not correct the issue, I ended up with the most basic SSLServer possible
> and the symptoms have not gone away.
>
> Current test code (this code is not mine, but was the most basic
> SSLServer example that I could find...the result is the same with this
> code and my code):
>
> #!/usr/bin/ruby
>
> require 'socket'
> require 'openssl'
>
> include OpenSSL
>
> ctx = SSL::SSLContext.new()
> ctx.cert = X509::Certificate.new(File.read('/home/riot82/blah.crt'))
> ctx.key = PKey::RSA.new(File.read('/home/riot82/blah.key'))
> svr = TCPServer.new(2007)
> serv = SSL::SSLServer.new(svr, ctx)
>
> loop do
>   while soc = serv.accept
>     puts soc.read
>   end
> end
>
>
>
> This code works like I would expect when testing a connection with:
>
> openssl s_client -connect localhost:2007
>
> However, a simple telnet test:
>
> telnet localhost 2007
>
> Telnet makes the connection, but upon exit the server crashes with the
> following error message:
>
> /usr/lib/ruby/1.8/openssl/ssl.rb:171:in `accept': SSL_accept SYSCALL
> returned=5 errno=0 state=SSLv2/v3 read client hello A
> (OpenSSL::SSL::SSLError)
>         from /usr/lib/ruby/1.8/openssl/ssl.rb:171:in `accept'
>         from ./server3.rb:15
>         from ./server3.rb:14:in `loop'
>         from ./server3.rb:14
>
You are getting an SSL exception here.
I guess this is perfectly normal and expected. You connect to your SSL
server with telnet which does not support SSL, and then you (or
telnet) write some garbage (or nothing at all) which is not an SSL
handshake.
So the SSL library reports an error which appears as an exception in Ruby.
You should catch the exception (and possibly print the error) and
retry the accept in case a valid SSL client connects later.
HTH
Michal
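
The advice in the reply above, as an added example that is not part of the original thread: an accept loop that rescues the handshake error and keeps serving. The certificate, the port choice and the names `demo_context`, `serve` and `demo` are constructed for this illustration.

```ruby
require 'socket'
require 'openssl'
# Constructed throwaway self-signed certificate so the example runs offline.
def demo_context
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version, cert.serial = 2, 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse('/CN=localhost')
  cert.public_key = key.public_key
  cert.not_before, cert.not_after = Time.now - 60, Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.cert, ctx.key = cert, key
  ctx
end

# Accept loop that logs a failed handshake and goes back to accept.
def serve(tcp_server, ctx, log)
  ssl_server = OpenSSL::SSL::SSLServer.new(tcp_server, ctx)
  Thread.new do
    loop do
      soc = ssl_server.accept   # raises if the peer does not speak SSL/TLS
      log << [:ok, soc.gets]
      soc.close
    rescue OpenSSL::SSL::SSLError, SystemCallError => e
      log << [:rejected, e.class.name]  # record it, then loop back to accept
    end
  end
end

# Constructed scenario: a plaintext client first, then a real TLS client.
def demo
  log, tcp = Queue.new, TCPServer.new('127.0.0.1', 0)  # port 0: any free port
  worker = serve(tcp, demo_context, log)
  plain = TCPSocket.new('127.0.0.1', tcp.addr[1])
  plain.write("hello, not TLS\r\n")
  plain.close
  first = log.pop
  cctx = OpenSSL::SSL::SSLContext.new
  cctx.verify_mode = OpenSSL::SSL::VERIFY_NONE  # only because the demo cert is self-signed
  tls = OpenSSL::SSL::SSLSocket.new(TCPSocket.new('127.0.0.1', tcp.addr[1]), cctx)
  tls.connect
  tls.puts 'hello over TLS'
  second = log.pop
  worker.kill
  [tls, tls.to_io, tcp].each(&:close)
  [first, second]
end
p demo if __FILE__ == $PROGRAM_NAME
```

The handshake here still runs inside the accept loop, so a client that connects and sends nothing holds up later clients until it disconnects. A server exposed to untrusted peers would do the handshake per connection with a timeout.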