From: Per A. <avt...@gm...> - 2010-09-30 14:29:05

Hi!

I use Yaws 1.88 in embedded mode together with self-signed SSL certs.

It seems that there is some discrepancy in the Yaws docs...

    verify = 1 | 2 | 3
        Specifies the level of verification the server does on client
        certs. 1 means nothing, 2 means the server will ask the client
        for a cert but not fail if the client does not supply a client
        cert, 3 means that the server requires the client to supply a
        client cert.

But when I actually set #ssl.verify = 2 I get crashes in my application
and the client complains about SSL protocol failure. The log shows

    ** Reason for termination =
    ** {function_clause,
           [{ssl_connection,handle_alert,
                [{alert,1,41,{"./ssl_connection.erl",1622}},
                 certify,

Which seems to indicate that an SSL alert number 41 (no certificate) is
raised. Which seems to be reasonable since I don't include any client
cert in my request.

Furthermore when I set #ssl.verify = 3 I get this

    =ERROR REPORT==== 30-Sep-2010::14:13:22 ===
    Yaws: Failed to listen 0.0.0.0:8443 : {error,{eoptions,{verify,3}}}

    =ERROR REPORT==== 30-Sep-2010::14:13:22 ===
    Can't listen to socket: {error,{eoptions,{verify,3}}}

It seems to not even be possible to use it.

Is it so that #ssl.verify = 1 is actually 2, and 2 is actually 3?

Best regards,
Per

From: Per A. <avt...@gm...> - 2010-10-01 09:38:51

Hi again!

I was digging around in Yaws source code and eventually wound up in
OTP's ssl code.

The code yaws_server:do_listen/2 eventually calls ssl:handle_options/2.
On lines 539 - 554 it looks like valid values for #ssl.verify are
0 | 1 | 2, not 1 | 2 | 3.

It might also be nice to implement the new (I think) options verify_none,
verify_peer, and, fail_if_no_peer_cert.

Best regards,
Per

From: Claes W. <kl...@ta...> - 2010-10-05 19:17:05

On 10/01/2010 11:38 AM, Per Andersson wrote:
> It might also be nice to implement the new (I think) options verify_none,
> verify_peer, and, fail_if_no_peer_cert.
>

Yes, agree.

/klacke

From: Per A. <avt...@gm...> - 2010-10-06 08:05:53

On Tue, Oct 5, 2010 at 9:16 PM, Claes Wikstrom <kl...@ta...> wrote:
> On 10/01/2010 11:38 AM, Per Andersson wrote:
>
>> It might also be nice to implement the new (I think) options verify_none,
>> verify_peer, and, fail_if_no_peer_cert.
>>
>
> Yes, agree.

Pushed to my fork of Yaws.

See pull request on github.

-- Per

From: Claes W. <kl...@ta...> - 2010-10-06 09:17:41

On 10/06/2010 10:05 AM, Per Andersson wrote:
> On Tue, Oct 5, 2010 at 9:16 PM, Claes Wikstrom<kl...@ta...> wrote:
>> On 10/01/2010 11:38 AM, Per Andersson wrote:
>>
>>> It might also be nice to implement the new (I think) options verify_none,
>>> verify_peer, and, fail_if_no_peer_cert.
>>>
>>
>> Yes, agree.
>
> Pushed to my fork of Yaws.
>
> See pull request on github.

Excellent, applied and pushed.

/klacke

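
The verify levels discussed in this thread, written with the explicit option names, as an added example (not code from Yaws, OTP or the pull request). It assumes the documented meanings of 1 | 2 | 3 apply to the accepted values 0 | 1 | 2; the module name, function names and file paths are hypothetical.

```erlang
-module(ssl_verify_opts).
-export([normalize/1, listen_opts/2, selftest/0]).

%% Map a configured verify value to {Verify, FailIfNoPeerCert}.
%% Assumption: the documented 1 | 2 | 3 text describes the accepted
%% 0 | 1 | 2 values, shifted down by one.
normalize(0) -> {verify_none, false};   % no client-cert verification
normalize(1) -> {verify_peer, false};   % ask, accept a missing cert
normalize(2) -> {verify_peer, true};    % require a client cert
normalize(verify_none) -> {verify_none, false};
normalize({verify_peer, Fail}) when is_boolean(Fail) -> {verify_peer, Fail};
%% Everything else, including the documented-but-invalid 3, is rejected
%% here rather than surfacing as {eoptions,{verify,3}} at listen time.
normalize(Other) -> erlang:error({bad_verify_level, Other}).

%% Build explicit ssl listen options from a level and a proplist of files.
%% Policy of this example: verify_peer without a CA file is refused.
listen_opts(Level, Files) ->
    Base = [{certfile, proplists:get_value(certfile, Files)},
            {keyfile, proplists:get_value(keyfile, Files)}],
    case normalize(Level) of
        {verify_none, _} ->
            [{verify, verify_none} | Base];
        {verify_peer, Fail} ->
            case proplists:get_value(cacertfile, Files) of
                undefined ->
                    erlang:error(missing_cacertfile);
                Ca ->
                    [{verify, verify_peer},
                     {fail_if_no_peer_cert, Fail},
                     {cacertfile, Ca} | Base]
            end
    end.

selftest() ->
    Files = [{certfile, "/path/to/server.pem"},      % constructed paths
             {keyfile, "/path/to/server.key"},
             {cacertfile, "/path/to/client-ca.pem"}],
    Opts = listen_opts(2, Files),
    verify_peer = proplists:get_value(verify, Opts),
    true = proplists:get_value(fail_if_no_peer_cert, Opts),
    false = proplists:get_value(fail_if_no_peer_cert, listen_opts(1, Files)),
    {'EXIT', {{bad_verify_level, 3}, _}} = (catch normalize(3)),
    ok.
```
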
From: Mojito S. <moj...@gm...> - 2010-10-05 14:53:22

I have a YAWS application that runs in embedded mode. That part works
fine. Now I need to handle some .php files as well.

I have PHP working when I run yaws in standalone mode, but in embedded
mode I get the dreaded "No input file specified" message that PHP puts
out when things are not just right.

Here is the code that sets up the gconf and sconf records. Am I missing
some setting?

    Id = "default",
    GC1 = yaws_config:make_default_gconf(false, Id),
    GC = GC1#gconf{ logdir = getLogdir(),
                    phpexe = "/usr/bin/php-cgi",
                    include_dir = ["./lib/cwares/include"] },
    SC = #sconf{port = getPort(),
                servername = "warehouse",
                listen = {0,0,0,0},
                allowed_scripts = ['php','yaws','cgi'],
                docroot = "./lib/cwares/priv",
                appmods = [wh]},
    yaws_api:setconf(GC, [[SC]]).

In the default yaws.conf for standalone mode, I see this line, but I am
not sure what these modules are for, or if I need to put them in my
code:

    appmods = <cgi-bin, yaws_appmod_cgi>

From: Mojito S. <moj...@gm...> - 2010-10-06 14:25:34

Problem found. I was passing relative file paths for the include_dir
and doc_root.

I used the code from yaws_ctl, copied into my application, and dumped
out the config records from there. Everything matched, except the form
of those paths.

On Tue, 2010-10-05 at 23:05 +0200, Claes Wikstrom wrote:
> On 10/05/2010 10:43 PM, Mojito Sorbet wrote:
> > Ok, that looks useful. I can read out the config of the standalone
> > YAWS. But now how do I make the command find the embedded one so I can
> > compare?
>
>
> Check all fields, in particular, check the flags fields, yes that could
> be better formatted ....
>
> You can print your embedded config in exactly the same manner as I do
> in yaws_ctl.erl and compare.
>
>
>
> -klacke

From: Mojito S. <moj...@gm...> - 2010-10-14 20:54:03

I use ehtml output a lot, but I keep getting errors like this when I
make seemingly unrelated changes to the code. I think it means
something is wrong with the "shape" of the ehtml tree I return from
out/1, but I can not figure out what.

    {function_clause,[{yaws_api,ehtml_expand,[false]},
                      {yaws_api,ehtml_expand,1},
                      {yaws_api,ehtml_expand,1},
                      {yaws_api,ehtml_expand,1},
                      {yaws_api,ehtml_expand,1},
                      {yaws_api,ehtml_expand,1},
                      {yaws_api,ehtml_expand,1},
                      {yaws_api,ehtml_expand,1}]}

From: Claes W. <kl...@ta...> - 2010-10-15 14:20:04

On 10/14/2010 10:53 PM, Mojito Sorbet wrote:
> I use ehtml output a lot, but I keep getting errors like this when I
> make seemingly unrelated changes to the code. I think it means
> something is wrong with the "shape" of the ehtml tree I return from
> out/1, but I can not figure out what.
>
> {function_clause,[{yaws_api,ehtml_expand,[false]},
>                   {yaws_api,ehtml_expand,1},
>                   {yaws_api,ehtml_expand,1},
>                   {yaws_api,ehtml_expand,1},
>                   {yaws_api,ehtml_expand,1},
>                   {yaws_api,ehtml_expand,1},
>                   {yaws_api,ehtml_expand,1},
>                   {yaws_api,ehtml_expand,1}]}

No easy solutions here, maybe it would be possible to have a debug
version of ehtml_expand that reports how far in the tree it got before
failing.

/klacke

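
A sketch of the kind of debug check suggested in the reply above, as an added example that is not part of Yaws or of either post. It walks a tree before it is returned from out/1 and reports the path to the first term with an unexpected shape. It assumes a simplified set of ehtml shapes (binary, character, list, {Tag}, {Tag, Attrs}, {Tag, Attrs, Body}); Yaws itself may accept more forms, and the module and function names are hypothetical.

```erlang
-module(ehtml_check).
-export([check/1, selftest/0]).

%% Returns ok, or {error, Path, BadTerm}. Path lists the tags and list
%% positions (1-based) leading from the root to the offending term.
check(Tree) -> check(Tree, []).

check(Bin, _Path) when is_binary(Bin) -> ok;
check(Ch, _Path) when is_integer(Ch), Ch >= 0 -> ok;      % character
check(List, Path) when is_list(List) -> check_list(List, 1, Path);
check({Tag}, _Path) when is_atom(Tag) -> ok;
check({Tag, Attrs}, _Path) when is_atom(Tag), is_list(Attrs) -> ok;
check({Tag, Attrs, Body}, Path) when is_atom(Tag), is_list(Attrs) ->
    check(Body, [Tag | Path]);
check(Bad, Path) -> {error, lists:reverse(Path), Bad}.

check_list([], _N, _Path) -> ok;
check_list([H | T], N, Path) ->
    case check(H, [N | Path]) of
        ok -> check_list(T, N + 1, Path);
        Error -> Error
    end;
check_list(ImproperTail, _N, Path) ->
    {error, lists:reverse(Path), ImproperTail}.

selftest() ->
    %% Constructed trees: the second one has a stray 'false' as the
    %% second child of body, the same term seen in the crash report.
    Good = {html, [], [{body, [], [{p, [], "hello"}, {br}]}]},
    Bad  = {html, [], [{body, [], [{p, [], "hello"}, false]}]},
    ok = check(Good),
    {error, [html, 1, body, 2], false} = check(Bad),
    ok.
```
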
From: Claes W. <kl...@ta...> - 2010-10-05 19:16:25

On 09/30/2010 04:28 PM, Per Andersson wrote:
> Hi!
>
> I use Yaws 1.88 in embedded mode together with self-signed SSL certs.
>
> It seems that there is some discrepancy in the Yaws docs...
>
.....
> Is it so that #ssl.verify = 1 is actually 2, and 2 is actually 3?
>
>

Indeed so, thanks, fixed.

/klacke

From: Claes W. <kl...@ta...> - 2010-10-05 19:40:42

On 10/05/2010 04:53 PM, Mojito Sorbet wrote:
> I have a YAWS application that runs in embedded mode. That part works
> fine. Now I need to handle some .php files as well.
>
> I have PHP working when I run yaws in standalone mode, but in embedded
> mode I get the dreaded "No input file specified" message that PHP puts
> out when things are not just right.

Irritating, and it can indeed be non-trivial to figure out how to populate
the gconf,sconf record to get it - right.
Actually, in your example, I couldn't see anything wrong although something
was obviously not right.

I just committed

http://github.com/klacke/yaws/commit/713e35b4c90519c9af37fde2ac45878f15b4e3e0

Which you can apply and try,

/klacke

From: Mojito S. <moj...@gm...> - 2010-10-05 20:43:19

Ok, that looks useful. I can read out the config of the standalone
YAWS. But now how do I make the command find the embedded one so I can
compare?

On Tue, 2010-10-05 at 21:40 +0200, Claes Wikstrom wrote:
> On 10/05/2010 04:53 PM, Mojito Sorbet wrote:
> > I have a YAWS application that runs in embedded mode. That part works
> > fine. Now I need to handle some .php files as well.
> >
> > I have PHP working when I run yaws in standalone mode, but in embedded
> > mode I get the dreaded "No input file specified" message that PHP puts
> > out when things are not just right.
>
>
> Irritating, and it can indeed be non-trivial to figure out how to populate
> the gconf,sconf record to get it - right.
> Actually, in your example, I couldn't see anything wrong although something
> was obviously not right.
>
> I just committed
>
> http://github.com/klacke/yaws/commit/713e35b4c90519c9af37fde2ac45878f15b4e3e0
>

From: Claes W. <kl...@ta...> - 2010-10-05 21:06:00

On 10/05/2010 10:43 PM, Mojito Sorbet wrote:
> Ok, that looks useful. I can read out the config of the standalone
> YAWS. But now how do I make the command find the embedded one so I can
> compare?

Check all fields, in particular, check the flags fields, yes that could
be better formatted ....

You can print your embedded config in exactly the same manner as I do
in yaws_ctl.erl and compare.

-klacke

From: Claes W. <kl...@ta...> - 2010-10-06 18:01:26

On 10/06/2010 04:25 PM, Mojito Sorbet wrote:
> Problem found. I was passing relative file paths for the include_dir
> and doc_root.

Good to hear ... and good luck with your project,

/klacke

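
The comparison that located the problem in this thread (dump both configs, compare field by field), as an added example that is not code from yaws_ctl.erl or from the posts. The `conf` record is a constructed stand-in; with Yaws the field list would come from `record_info(fields, sconf)` or `record_info(fields, gconf)` after including yaws.hrl. Module and function names and the sample values are hypothetical.

```erlang
-module(conf_diff).
-export([diff/3, relative/2, selftest/0]).

%% Constructed stand-in for a config record.
-record(conf, {port, servername, docroot, allowed_scripts}).

%% Return [{Field, ValueA, ValueB}] for every field where two records
%% of the same type differ. Fields is the record's field-name list.
diff(Fields, A, B) when tuple_size(A) =:= tuple_size(B),
                        length(Fields) =:= tuple_size(A) - 1 ->
    [_ | ValsA] = tuple_to_list(A),          % drop the record tag
    [_ | ValsB] = tuple_to_list(B),
    [{F, Va, Vb} || {F, Va, Vb} <- lists:zip3(Fields, ValsA, ValsB),
                    Va =/= Vb].

%% Of the differences, name the path-valued fields (listed by the
%% caller in PathFields) whose second value is not an absolute path.
relative(Diffs, PathFields) ->
    [F || {F, _, V} <- Diffs,
          lists:member(F, PathFields),
          io_lib:printable_list(V),
          filename:pathtype(V) =/= absolute].

selftest() ->
    %% Constructed values: a working config and one that differs only
    %% in the form of docroot, as reported in the thread.
    Standalone = #conf{port = 8000, servername = "warehouse",
                       docroot = "/srv/cwares/priv",
                       allowed_scripts = [php, yaws, cgi]},
    Embedded = Standalone#conf{docroot = "./lib/cwares/priv"},
    Diffs = diff(record_info(fields, conf), Standalone, Embedded),
    [{docroot, "/srv/cwares/priv", "./lib/cwares/priv"}] = Diffs,
    [docroot] = relative(Diffs, [docroot]),
    [] = diff(record_info(fields, conf), Standalone, Standalone),
    ok.
```
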