SSL error using Cohttp_async

ryanslade · August 10, 2018, 7:50pm

Hi

I’m getting the an error when trying to make an https GET request to the following URL using Cohttp_async. I’ve tried with both the ssl and tls packages.

URL: https://www.alphavantage.co/query?function=TIME_SERIES_DAILY&symbol=MSFT&apikey=demo

Error:

(((pid 11196) (thread_id 0)) "2018-08-10 19:43:02.209899198Z"
 "unhandled exception in Async scheduler"
 ("unhandled exception"
  ((monitor.ml.Error
    (Ssl_error
     ("error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error")
     src/ssl.ml:151:4)
    ("Raised at file \"src/import0.ml\" (inlined), line 237, characters 22-32"
     "Called from file \"src/error.ml\" (inlined), line 9, characters 14-30"
     "Called from file \"src/error.ml\" (inlined), line 5, characters 2-50"
     "Called from file \"src/ssl.ml\", line 151, characters 4-74"
     "Called from file \"src/deferred0.ml\", line 61, characters 64-69"
     "Called from file \"src/job_queue.ml\", line 159, characters 6-47"
     "Caught by monitor ssl_pipe"))
   ((pid 11196) (thread_id 0)))))

Making the same request using curl or from Go works without issues.

ryanslade · August 13, 2018, 3:41pm

The issue appears be isolated to async, I’ve switched to lwt and it is now working.

timclassic · August 13, 2018, 10:03pm

Hi Ryan,

I was able to replicate this error. I figured out that this particular server fails to negotiate TLS if the client doesn’t supply a server name using SNI. openssl s_client will produce the same error if you don’t use the -servername parameter.

Here’s a small function go that enables SNI and works on my system. It just prints out the returned response body:

let go () =
  let uri =
    Ocaml_uri.Uri.of_string
      "https://www.alphavantage.co/query?function=TIME_SERIES_DAILY&symbol=MSFT&apikey=demo"
  in
  let ssl_config = Conduit_async.Ssl.configure ~hostname:"www.alphavantage.co" () in
  let%bind _response, body = Client.get ~ssl_config uri in
  let%bind body = Body.to_string body in
  printf "%s" body;
  return ()
;;

My guess is that the Lwt variant sets the server name by default, but I’m not sure.

I hope this helps!

ryanslade · August 14, 2018, 7:11am

Great, thanks for the help.

avsm · August 17, 2018, 2:44pm

@dinosaure is currently adding direct ocaml-tls support to Async, so this should hopefully percolate to Conduit_async soon after along with corresponding SNI support…

avsm · November 14, 2018, 4:58pm

For anyone Googling, this is being addressed by https://github.com/mirage/ocaml-cohttp/issues/624

Topic		Replies	Views
Cohttp client tls exception Learning lwt , cohttp	3	1254	March 7, 2020
Cohttp error cases Learning cohttp	0	651	February 21, 2019
Exception: Failure "No SSL or TLS support compiled into Conduit" Learning	2	755	April 13, 2023
`No SSL or TLS support compiled into Conduit` with cohttp 5.3.1, conduit 6.2.1, tls 0.17.4 Ecosystem opam , cohttp , tls , conduit	4	144	April 3, 2024
[ANN] cohttp 6.0.0~alpha0 released Community announce	0	719	November 15, 2022

SSL error using Cohttp_async

Related Topics