couchdb ssl error connecting via https

[James Taber <je...@gmail.com>]

couchdb-1.1.1_js185_otp_R14B03_fix-win32-crypto (also tried 1.2.0 R14B04)
Windows 7
Firefox 13.0.1

when connecting to https://localhost:5984/_utils, receive the following
error

An error occurred during a connection to localhost:5984.

SSL received a record that exceeded the maximum permissible length.

(Error code: ssl_error_rx_record_too_long)


-- 
--
Between the greater and lesser infinities sleep the dreams undreamt.

Re: couchdb ssl error connecting via https

[James Taber <je...@gmail.com>]

User error, I was not aware that the script I was given was what created a
secure layer on our couchDB install.  So, until I ran that there was no
https to connect to.  I will try the new drop, though.
On Jul 13, 2012 2:03 AM, "Dave Cottlehuber" <da...@muse.net.nz> wrote:

> On 13 July 2012 01:54, James Taber <je...@gmail.com> wrote:
> > couchdb-1.1.1_js185_otp_R14B03_fix-win32-crypto (also tried 1.2.0 R14B04)
> > Windows 7
> > Firefox 13.0.1
> >
> > when connecting to https://localhost:5984/_utils, receive the following
> > error
> >
> > An error occurred during a connection to localhost:5984.
> >
> > SSL received a record that exceeded the maximum permissible length.
> >
> > (Error code: ssl_error_rx_record_too_long)
> >
> >
> > --
> > --
> > Between the greater and lesser infinities sleep the dreams undreamt.
>
> Hi James,
>
> https://www.mozilla.org/projects/security/pki/nss/ref/ssl/sslerr.html
> SSL_ERROR_RX_RECORD_TOO_LONG    -12263  "SSL received a record that
> exceeded the maximum permissible length."
> This generally indicates that the remote peer system has a flawed
> implementation of SSL, and is violating the SSL specification.
>
> Can you retry this with a couch based off R15B01
>
> https://www.dropbox.com/sh/jeifcxpbtpo78ak/JFSKO7WgCS/Snapshots/20120524/setup-couchdb-1.2.0%2BCOUCHDB-1482_otp_R15B01.exe
> as there've been considerable improvements in OTP's SSL implementation
> recently.
>
> Questions;
>
> - what configuration you are using (verifying intermediates etc)
> - does this error occur in the browser, via curl, or something else?
> - can you re-test with openssl s_client directly (to avoid the
> browser), with debug mode enabled?
> - what is shown in the couch.log error file at the same time?
> - does the issue recur for you using the sample certs from mochiweb
> https://github.com/mochi/mochiweb/tree/master/examples/https ?
>
> A+
> Dave
>

Re: couchdb ssl error connecting via https

[Dave Cottlehuber <da...@muse.net.nz>]

On 13 July 2012 01:54, James Taber <je...@gmail.com> wrote:
> couchdb-1.1.1_js185_otp_R14B03_fix-win32-crypto (also tried 1.2.0 R14B04)
> Windows 7
> Firefox 13.0.1
>
> when connecting to https://localhost:5984/_utils, receive the following
> error
>
> An error occurred during a connection to localhost:5984.
>
> SSL received a record that exceeded the maximum permissible length.
>
> (Error code: ssl_error_rx_record_too_long)
>
>
> --
> --
> Between the greater and lesser infinities sleep the dreams undreamt.

Hi James,

https://www.mozilla.org/projects/security/pki/nss/ref/ssl/sslerr.html
SSL_ERROR_RX_RECORD_TOO_LONG 	-12263 	"SSL received a record that
exceeded the maximum permissible length."
This generally indicates that the remote peer system has a flawed
implementation of SSL, and is violating the SSL specification.

Can you retry this with a couch based off R15B01
https://www.dropbox.com/sh/jeifcxpbtpo78ak/JFSKO7WgCS/Snapshots/20120524/setup-couchdb-1.2.0%2BCOUCHDB-1482_otp_R15B01.exe
as there've been considerable improvements in OTP's SSL implementation
recently.

Questions;

- what configuration you are using (verifying intermediates etc)
- does this error occur in the browser, via curl, or something else?
- can you re-test with openssl s_client directly (to avoid the
browser), with debug mode enabled?
- what is shown in the couch.log error file at the same time?
- does the issue recur for you using the sample certs from mochiweb
https://github.com/mochi/mochiweb/tree/master/examples/https ?

A+
Dave