On Thursday, 28.07.2011, at 17:50 +0200, [email protected] wrote:
> Hello,
>
> I am trying to use SSL with the Ocamlnet Http_client. When I use the run method
> on the pipeline, the call executes well, and when it is empty, the program stalls
> for 30 sec before encountering an SSL error and continuing.

It turns out that the server is misbehaving here. It does not implement the SSL connection closure correctly. In particular, Http_client sends a close-notify message to the server, but the server does not respond to this.

Well, there are probably many buggy SSL servers out there. Many programmers have no clue how to close an SSL connection correctly, and SSL libraries leave room for such implementation errors. Interesting to see that even a large organization cannot do it, even one that (probably) cares about security standards.

I've quickly tested a "forced" closure method, where the SSL close-notify message is immediately followed by a TCP FIN message. At least wellsfargo.com gets impressed by that, and they then close the TCP channel. This is still a protocol violation, but we can live with that.

I'll test it a bit more, and will (hopefully) release a new ocamlnet version soon.

Gerd

> The same thing happens when using convenience.
>
> I'm using ocaml 3.12.1 and ocamlnet 3.3.5
>
> Code :
>
> Debug.enable:=true;
>
> Ssl.init();
> Http_client.Convenience.configure_pipeline
>   (fun p ->
>      let ctx = Ssl.create_context Ssl.TLSv1 Ssl.Client_context in
>      let tct = Https_client.https_transport_channel_type ctx in
>      p # configure_transport Http_client.https_cb_id tct
>   );
> http_get "https://www.wellsfargo.com/"
>
> Debug information:
>
> [Thu Jul 28 15:17:25 2011] [debug] [6261:0] Http_client: HTTP connection: creating direct connection to www.wellsfargo.com:443
> [Thu Jul 28 15:17:25 2011] [debug] [6261:0] Http_client: FD 3 - HTTP direct connection to www.wellsfargo.com:443: Connected!
> [Thu Jul 28 15:17:25 2011] [debug] [6261:0] Http_client: HTTP Connection: adding call 32
> [Thu Jul 28 15:17:25 2011] [debug] [6261:0] Http_client: Call 32: initialize transmitter
> [Thu Jul 28 15:17:25 2011] [debug] [6261:0] Http_client: FD 3 - Call 32 - HTTP request: GET / HTTP/1.1
> [Thu Jul 28 15:17:25 2011] [debug] [6261:0] Http_client: FD 3 - HTTP connection: Got Call 32!
> [Thu Jul 28 15:17:25 2011] [debug] [6261:0] Http_client: FD 3 - HTTP connection: pipelining=true persistency=false close_connection=false->false
> [Thu Jul 28 15:17:25 2011] [debug] [6261:0] Http_client: Call 32 - postprocessing
> [Thu Jul 28 15:17:25 2011] [debug] [6261:0] Http_client: FD 3 - HTTP connection: Shutdown!
> [Thu Jul 28 15:17:25 2011] [debug] [6261:0] Http_client: FD 3 - HTTP connection: Closing socket!
> [Thu Jul 28 15:17:25 2011] [debug] [6261:0] Http_client: HTTP connection: checking remaining pipeline requests
> [Thu Jul 28 15:17:55 2011] [debug] [6261:0] Http_client: FD 3 - Shutdown error: Uq_ssl.Ssl_error(Ssl.Error_syscall)
>
> Cheers
>
> -Pierre
>

-- 
------------------------------------------------------------
Gerd Stolpmann, Bad Nauheimer Str.3, 64289 Darmstadt, Germany
[email protected]          http://www.gerd-stolpmann.de
Phone: +49-6151-153855                  Fax: +49-6151-997714
------------------------------------------------------------
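Added example, not part of the original messages and not Ocamlnet code: a Python script that scans Http_client debug output for the symptom discussed in this thread, a connection shutdown that ends in an error long after it began because the peer never answered the close-notify. The function name and the 5-second threshold are assumptions; the sample lines are four entries from the debug output quoted above, with the mail client's line wraps rejoined.

```python
import re
from datetime import datetime

# Four entries from the debug output quoted in the thread, line wraps rejoined.
SAMPLE_LOG = """\
[Thu Jul 28 15:17:25 2011] [debug] [6261:0] Http_client: FD 3 - HTTP direct connection to www.wellsfargo.com:443: Connected!
[Thu Jul 28 15:17:25 2011] [debug] [6261:0] Http_client: FD 3 - HTTP connection: Shutdown!
[Thu Jul 28 15:17:25 2011] [debug] [6261:0] Http_client: FD 3 - HTTP connection: Closing socket!
[Thu Jul 28 15:17:55 2011] [debug] [6261:0] Http_client: FD 3 - Shutdown error: Uq_ssl.Ssl_error(Ssl.Error_syscall)
"""

ENTRY = re.compile(r"^\[(?P<ts>[^\]]+)\] \[debug\] \[(?P<pid>\d+):\d+\] "
                   r"Http_client: FD (?P<fd>\d+) - (?P<msg>.*)$")
PEER = re.compile(r"connection to (\S+): Connected!")
TS_FORMAT = "%a %b %d %H:%M:%S %Y"


def find_stalled_shutdowns(log_text, threshold_s=5.0):
    """Return one finding per connection whose shutdown ended in an error
    at least threshold_s seconds after the shutdown was started."""
    peers, started, findings = {}, {}, []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # entries without an FD, or unrelated log lines
        key = (m["pid"], m["fd"])  # FD numbers are only unique per process
        when = datetime.strptime(m["ts"], TS_FORMAT)
        msg = m["msg"]
        peer = PEER.search(msg)
        if peer:
            peers[key] = peer.group(1)
            started.pop(key, None)  # FD reused: forget the old connection
        elif msg.endswith("Shutdown!"):
            started[key] = when
        elif msg.startswith("Shutdown error:") and key in started:
            stall = (when - started.pop(key)).total_seconds()
            if stall >= threshold_s:
                findings.append({"peer": peers.get(key, "unknown"),
                                 "fd": int(m["fd"]),
                                 "stall_s": stall,
                                 "error": msg.split(": ", 1)[1]})
    return findings


if __name__ == "__main__":
    for f in find_stalled_shutdowns(SAMPLE_LOG):
        print(f"{f['peer']} fd={f['fd']}: shutdown stalled "
              f"{f['stall_s']:.0f}s ({f['error']})")
```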
