Posted to notifications@couchdb.apache.org by "ILYA (JIRA)" <ji...@apache.org> on 2016/07/07 15:10:12 UTC

[jira] [Commented] (COUCHDB-3049) inet:sockname called on ssl socket

    [ https://issues.apache.org/jira/browse/COUCHDB-3049?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15366252#comment-15366252 ] 

ILYA commented on COUCHDB-3049:
-------------------------------

SSL can be detected as:
{code}
case MochiReq:get(socket) of
   %% mochiweb tags SSL sockets as {ssl, SslSocket}; plain TCP sockets are untagged
   {ssl, SslSocket} -> ssl:sockname(SslSocket);
   Socket -> inet:sockname(Socket)
end.
{code}
See [here|https://github.com/apache/couchdb-mochiweb/blob/cb521b34cfdd38f2ff833efbd8af4dc208ee599e/src/mochiweb_request.erl#L75] and [here|https://github.com/mochi/mochiweb/blob/master/src/mochiweb_socket.erl#L24].


> inet:sockname called on ssl socket
> ----------------------------------
>
>                 Key: COUCHDB-3049
>                 URL: https://issues.apache.org/jira/browse/COUCHDB-3049
>             Project: CouchDB
>          Issue Type: Bug
>          Components: HTTP Interface
>            Reporter: Jay Doane
>            Assignee: ILYA
>
> I configured couchdb to accept ssl requests on port 6894 and put it behind haproxy, but the health checks were failing because of this error:
> req_err(1419482684) unknown_error : function_clause    [<<"prim_inet:sockname/1">>,<<"chttpd:absolute_uri/2 L541">>,<<"cloudant_plugin_chttpd:update_absolute_uri/1 L78">>,<<"cloudant_plugin_chttpd:before_request/1 L20">>,<<"lists:foldl/3 L1261">>,<<"chttpd_plugin:before_request/1 L30">>,<<"chttpd:before_request/1 L252">>,<<"chttpd:handle_request_int/1 L225">>]
> I traced the problem to calling inet:sockname on an ssl socket:
> https://github.com/apache/couchdb-chttpd/blob/master/src/chttpd.erl#L549
> However, I didn't do a thorough audit to ensure there are no other places where an inet function might be called on an ssl socket.
> In any case, a simple workaround is to change the "option httpchk" line in haproxy.cfg to something like this:
> option httpchk GET /_up HTTP/1.0\r\nHost:\ some.host
> which will avoid dropping into that particular case where the crashing code is called.
> The simplest solution is to create a helper function that distinguishes between tcp and ssl sockets:
> sockname(Socket) when is_pid(Socket) ->
>     inet:sockname(Socket);
> sockname(Socket) when is_tuple(Socket) -> % is_tuple since ssl_api.hrl is not exposed
>     ssl:sockname(Socket).



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)