-
Notifications
You must be signed in to change notification settings - Fork 44
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SSL error handling #13
Comments
Thanks for the issue! I'm not really in favour of having opinionated logic in TI for things like certificate path validation - it's squarely not 'our' concern and would result in an ad-hoc duplication of whatever logic for this is already present within the :ssl lib, with all the attendant issues keeping up to date with changes and just generally plugging holes in the dyke. In this particular case, I would propose that expected behaviour here would be for TI to catch this error at runtime and pass it to the handle_error/3 callback for processing by the handler as we do with any other transport error. This particular error will presumably bubble up from the :ssl.handshake call which was just augmented a few days ago as part of #10 (thanks @moogle19!). To help move improvements along, would you be able to:
We ought to be able to button this up pretty quick once we can repro it. Thanks again! |
OK. The repro is simply to type some junk into the :certfile or :keyfile param. Resulting crash is not easy to understand. I was moments away from adding a file existence check to listen/2, however, I agree it could be better handled by parsing the runtime error. I'll keep any eye on your commits P.S Any chance of doing a few interim releases as we go along? I am keen to use this in a corporate project, for various reasons it simplifies my life to point to hex releases... Ta |
Cool. I'll get to work on a fix for this. I'll tag and release main tonight, though without this fix. |
I'm actually having a tough time reproducing. Here's my process (running in the root of thousand_island):
What am I missing from your repro? |
In other news, 0.5.3 just got tagged and released off of main (again, without this fix) |
Hi, I wonder why we see different things? To be clear, I switched from my branch to 0.5.3, then ran your script above in my IEX session, I see:
And in iex I see:
I have no such dir "./test/support/" so the error is correct Now, I think my point is, the error above is not incorrect, but I claim it's hard to understand the problem. Especially if it were a typo, or just a problem with CWD (I have an umbrella app in production and it's an endless source of minor bugs because CWD is the umbrella at runtime, but each app is the CWD during tests, so relative paths are a no-no. However, building a release wants relative paths as you don't know where it will be installed. So debugging a cert error could have the right name, but wrong path and be difficult to spot easily) To my eye the line:
Is not incorrect, but it is quite subtle for a potentially common mistake. Can we do better? |
Finally managed to get a repro on this and after a bit of investigation I think we currently behave as expected, with possibly a few small changes for clarity. Here's what's happening in this case:
Ultimately, I think this is all correct and expected for the following two main reasons:
The one amendment I think may make sense here is to annotate the shutdown reason issued at step 3 above to indicate where it came from, essentially changing |
Hi, I am fine with the :stop error/crash happening, I think the point was more that it's not a very explanatory of the underlying problem? I think that a lot of elixir code has changed to having fairly beautiful errors, eg on my terminal right now I see: I think our error above is a long way from self explanatory. I'm wondering if we shouldn't check some of our parameters at initialise time in: ThousandIsland.Transports.SSL.listen() Here for example if the user passes an invalid format cert (pem rather than der) we could let them know? Likewise if there isn't a file at the location :certfile then we could actually say as much? I guess these don't need to be terminal errors as it's theoretically possible that there is some race condition occurring where some other process is populating the file location, but it seems to warrant a warning at least to me? The reason I find a bit of help debugging :certfile errors useful is largely that I keep running into minor path errors due to running an umbrella app. Relative paths are problematic because the base path changes between runtime and test time. I think when I hit this error initially I had the right path, just the wrong $cwd, and it came up in the middle of a test, which added additional verbosity to understanding the root cause. Anyway, I am just repeating myself, so I think this is my last word on this. Please close with :wontfix if you disagree, this is purely an opinion matter on my side. Thanks! |
I totally see your point on this, and to be honest part of me agrees with you, however I think the maintainer in me is anxious about this for three reasons:
All this having been said, I think a documentation note to this effect would be welcome in either / both the README or the Transports.SSL module docs (and maybe even upstream in Bandit as well). I'll happily entertain PRs to that end, but in the meantime I'll be closing this issue for cleanliness. If you do have further feedback on this, feel free to reopen this issue or start a new one. Thanks again for the constructive thoughts! |
Hi, I'm trying the code with #10 included. Deliberately using an invalid SSL cert path is ... ugly. Only at the point something connects to us we get a crash such as:
I wonder if we should check for path existing in the ThousandIsland.Transports.SSL.listen() function ?
Are there disadvantages of this? Perhaps some corner case where the user wants to rotate SSL certs at startup and technically all will be in place by the time the socket receives a real connection?? Any other reasons for it to be valid to start SSL pointing at missing certs? Worst case we could do a warn here and leave the crash at execution time?
I then fix the path to the SSL and attempt to connect to my self signed cert using an elixir lib which demands non self signed certs. The resulting error is a bit of a mess, but something like the following (note that initial errors from my client side code):
I guess we aren't handling some state, but I haven't poked deeper at it yet.
The text was updated successfully, but these errors were encountered: