Re: [Erlyaws-list] embedded ssl config?

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

On Tue, 2011-02-22 at 17:19 +0100, Per Andersson wrote:
> Hi!
> 
> On Tue, Feb 22, 2011 at 4:53 PM, Peter W. Morreale <pmo...@no...> wrote:
> > I'm attempting to enable ssl on an embedded yaws server.
> >
> > Can someone share an sconf record that enables ssl for an embedded yaws
> > server?  (assuming that is possible)
> 
> This should be no different from an ordinary #sconf{}. I use the following
> with embedded yaws in production
> 
>     #sconf{listen = {0, 0, 0, 0},
>            port = 8000,
>            servername = servername_here,
>            docroot = "priv/docroot",
>            appmods = [{"/", handler_app_here}],
>            ssl = #ssl{depth = 0,
>                       cacertfile = "priv/ssl/cacert.pem",
>                       certfile = "priv/ssl/cert.pem",
>                       keyfile = "priv/ssl/key.pem"}
>           }
> 
> 
> --
> Per

Thanks Per.  I still seem to have something wrong as I get the following
crash upon accessing the website:

=CRASH REPORT==== 23-Feb-2011::11:37:04 ===
  crasher:
    initial call: yaws_server:acceptor0/2
    pid: <0.82.0>
    registered_name: []
    exception exit: {noproc,
                        {gen_server,call,
                            [ssl_connection_sup,
                             {start_child,
                                 [server,"localhost",8001,#Port<0.1207>,
                                  {{ssl_options,[],verify_none,
                                       {#Fun<ssl.1.66525248>,[]},
                                       false,false,undefined,0,
                                       "priv/ssl/cert.pem",undefined,
                                       "priv/ssl/key.pem",undefined,

"<omitted>",undefined,[],undefined,
                                       undefined,
                                       [<<0,57>>,
                                        <<0,56>>,
                                        <<0,53>>,
                                        <<0,22>>,
                                        <<0,19>>,
                                        <<0,10>>,
                                        <<0,51>>,
                                        <<0,50>>,
                                        <<0,47>>,
                                        <<0,5>>,
                                        <<0,4>>,
                                        <<0,21>>,
                                        <<0,9>>],
                                       #Fun<ssl.0.5561466>,true,
                                       18446744073709551900,false,[]},

{socket_options,binary,http,0,0,false}},
                                  <0.82.0>,
                                  {gen_tcp,tcp,tcp_closed,tcp_error}]},
                             infinity]}}
      in function  gen_server:call/3

I generated the self-signed cert with: 

% openssl req -new -x509 -days 3650 -keyout key.pem -out cert.pem
-newkey rsa:2048 -subj "/CN=hermosa.morreale.net"

and configured my embedded yaws server as: 

    GC = yaws_config:make_default_gconf(false, "example"),
    SC = #sconf{
      port = 8001,
      servername = "localhost",
      listen = {0, 0, 0, 0},
      docroot = "/tmp",
      ssl = #ssl{depth=0,
                certfile = "priv/ssl/cert.pem",
                keyfile = "priv/ssl/key.pem",
                password = "<omitted>"},
      appmods = [{"/", yaws_security_filterchain}]
    },

Not familar (yet ;) with reading crash messages, but it appears that I
blew out attempting to start the ssl application, is that right?  

Please note that I am new to Erlang/OTP/yaws so I'm probably missing
something simple.  Please be gentle. ;-)

Does the above look right?

THanks for any and all pointers.

Best,
-PWM