SSL error using Cohttp_async


#1

Hi

I’m getting an error when trying to make an https GET request to the following URL using Cohttp_async. I’ve tried with both the ssl and tls packages.

URL: https://www.alphavantage.co/query?function=TIME_SERIES_DAILY&symbol=MSFT&apikey=demo

Error:

(((pid 11196) (thread_id 0)) "2018-08-10 19:43:02.209899198Z"
 "unhandled exception in Async scheduler"
 ("unhandled exception"
  ((monitor.ml.Error
    (Ssl_error
     ("error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error")
     src/ssl.ml:151:4)
    ("Raised at file \"src/import0.ml\" (inlined), line 237, characters 22-32"
     "Called from file \"src/error.ml\" (inlined), line 9, characters 14-30"
     "Called from file \"src/error.ml\" (inlined), line 5, characters 2-50"
     "Called from file \"src/ssl.ml\", line 151, characters 4-74"
     "Called from file \"src/deferred0.ml\", line 61, characters 64-69"
     "Called from file \"src/job_queue.ml\", line 159, characters 6-47"
     "Caught by monitor ssl_pipe"))
   ((pid 11196) (thread_id 0)))))

Making the same request using curl or from Go works without issues.


#2

The issue appears to be isolated to async; I’ve switched to lwt and it is now working.


#3

Hi Ryan,

I was able to replicate this error. I figured out that this particular server fails to negotiate TLS if the client doesn’t supply a server name using SNI. openssl s_client will produce the same error if you don’t use the -servername parameter.

Here’s a small function go that enables SNI and works on my system. It just prints out the returned response body:

(* Needs ppx_let for let%bind *)
open Core
open Async
open Cohttp_async

let go () =
  let uri =
    Ocaml_uri.Uri.of_string
      "https://www.alphavantage.co/query?function=TIME_SERIES_DAILY&symbol=MSFT&apikey=demo"
  in
  (* ~hostname is the server name supplied to the server via SNI *)
  let ssl_config = Conduit_async.Ssl.configure ~hostname:"www.alphavantage.co" () in
  let%bind _response, body = Client.get ~ssl_config uri in
  let%bind body = Body.to_string body in
  printf "%s" body;
  return ()
;;

My guess is that the Lwt variant sets the server name by default, but I’m not sure.

I hope this helps!


#4

Great, thanks for the help.


#5

@dinosaure is currently adding direct ocaml-tls support to Async, so this should hopefully percolate to Conduit_async soon after along with corresponding SNI support…


#6

For anyone Googling, this is being addressed by https://github.com/mirage/ocaml-cohttp/issues/624