Crystal: HTTP::Client SSL Error

Created on 2 Jul 2019  路  5Comments  路  Source: crystal-lang/crystal

This code works: 

require "http"
resp = HTTP::Client.get("https://codeload.github.com/TheKernelCorp/x86_64/tar.gz/v0.3.4")

This code returns SSL_shutdown: error:14094123:SSL routines:ssl3_read_bytes:application data after close notify:

require "http"
HTTP::Client.get("https://codeload.github.com/TheKernelCorp/x86_64/tar.gz/v0.3.4") do |resp|
  resp
end
bug topiccrypto topicnetworking
Source
picture bararchy
👍4

Most helpful comment

This seems to work now, I think fixed with #8481 recommend close, thanks for the report!

picture rdp on 15 Feb 2020
1 👍1

All 5 comments

Just got the same thing

watzon picture watzon on 7 Jul 2019

Running this continuously and it does not show error.


Crystal 0.31.1 on MacOS

$ crystal --version
Crystal 0.31.1 (2019-10-02)

LLVM: 8.0.1
Default target: x86_64-apple-macosx

At some point I've probably just being blocked for doing DoS

Unhandled exception: Error reading socket: Connection reset by peer (Errno)
  from /usr/local/Cellar/crystal/0.31.1/src/socket.cr:61:9 in 'unbuffered_read'
  from /usr/local/Cellar/crystal/0.31.1/src/io/buffered.cr:79:16 in 'read'
  from BIO_read
  from ssl3_read_n
  from ssl3_read_bytes
  from ssl3_shutdown
  from /usr/local/Cellar/crystal/0.31.1/src/openssl/ssl/socket.cr:157:11 in 'unbuffered_close'
  from /usr/local/Cellar/crystal/0.31.1/src/io/buffered.cr:202:5 in 'close'
  from /usr/local/Cellar/crystal/0.31.1/src/http/client.cr:636:5 in '__crystal_main'
  from /usr/local/Cellar/crystal/0.31.1/src/crystal/main.cr:47:14 in 'main'
vlazar picture vlazar on 14 Oct 2019

Maybe #8025 fixed this? I can't think why, but apart from this, there have been no changes to any relevant code.
Alternatively, the server end might have changed some configuration and now fails to reproduce the error.

@bararchy @watzon can you confirm?

straight-shoota picture straight-shoota on 14 Oct 2019

I was able to repro this in linux:

e = SSL_shutdown: error:14094123:SSL routines:ssl3_read_bytes:application data after close notify
Unhandled exception: SSL_shutdown: error:14094123:SSL routines:ssl3_read_bytes:application data after close notify (OpenSSL::SSL::Error)
  from src/openssl/ssl/socket.cr:159:11 in 'unbuffered_close'
  from src/io/buffered.cr:202:5 in 'close'
  from src/http/client.cr:742:19 in 'close'
  from src/http/client.cr:636:5 in '__crystal_main'
  from src/crystal/main.cr:97:5 in 'main_user_code'
  from src/crystal/main.cr:86:7 in 'main'
  from src/crystal/main.cr:106:3 in 'main'
  from __libc_start_main
  from _start
  from ???

Appears it's "a class" of misbehaving TLS connection (I'm just guessing from the failure message that is sending more data after sending the close_notify alert or sending too large of a close_notify alert or something along those lines?)

https://github.com/crystal-lang/crystal/issues/7136#issuecomment-550760418 happens to fix it by not waiting for the (forthcomingly bad) close_notify alert.

Another option would be to not raise the exception at SSL shutdown time if a "0" has already been received and it's waiting for the "1" to be returned from SSL_Shutdown && @sync_close is true but I guess that's kind of covered already...

rdp picture rdp on 7 Nov 2019

This seems to work now, I think fixed with #8481 recommend close, thanks for the report!

rdp picture rdp on 15 Feb 2020
1 👍1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

nabeelomer picture nabeelomer  路  3Comments
oprypin picture oprypin  路  3Comments
costajob picture costajob  路  3Comments
relonger picture relonger  路  3Comments
lgphp picture lgphp  路  3Comments