ninenines / gun

HTTP/1.1, HTTP/2, Websocket client (and more) for Erlang/OTP.
ISC License
898 stars 231 forks

Connect to Apple's verifyReceipt server Handshake Failure, but use curl is ok. #167

Closed boboxiaodd closed 6 years ago

boboxiaodd commented 6 years ago

{ok, ConnPid} = gun:open("sandbox.itunes.apple.com", 443),
StreamRef = gun:get(ConnPid, "/verifyReceipt"),
gun:await(ConnPid, StreamRef).

I found the log:

TLS client: In state hello received SERVER ALERT: Fatal - Handshake Failure
TLS client: In state hello received SERVER ALERT: Fatal - Handshake Failure
TLS client: In state hello received SERVER ALERT: Fatal - Handshake Failure

With curl it is OK:

curl https://sandbox.itunes.apple.com/verifyReceipt
{"status":21000}

essen commented 6 years ago

Try with just tls1.2 and ciphers/options considered secure for HTTP/2. Gun currently does not enforce them.

boboxiaodd commented 6 years ago

@essen

{ok, ConnPid} = gun:open("sandbox.itunes.apple.com", 443, #{transport => tls}),
StreamRef = gun:get(ConnPid, "/verifyReceipt"),
gun:await(ConnPid, StreamRef).

It also fails.

essen commented 6 years ago

That's not what I mean.

And I was incorrect, the server doesn't seem to offer HTTP/2. It probably only requires secure ciphers and whatnot. You can configure TLS options via the transport_opts option.

Note that this is not a Gun issue:

1> application:ensure_all_started(ssl).
{ok,[crypto,asn1,public_key,ssl]}
2> ssl:connect("sandbox.itunes.apple.com", 443, []).
=INFO REPORT==== 20-Sep-2018::09:32:18.000136 ===
TLS client: In state hello received SERVER ALERT: Fatal - Handshake Failure

{error,{tls_alert,"handshake failure"}}

You might have more luck asking on the mailing lists, I'm not the most knowledgeable on TLS. I would love to hear what options are necessary to make it work though.
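
An added example, not code from this thread or from the Gun project: one way to build a restricted TLS option list (TLS 1.2 only, ECDHE key exchange, AEAD ciphers, peer verification), compare it against the empty option list with plain `ssl:connect`, and then hand the same list to Gun through `transport_opts`. The module name `tls_probe` and the CA bundle path are assumptions, and the thread does not confirm that these options resolve the handshake failure against Apple's server.

```erlang
-module(tls_probe).
-export([strict_opts/1, probe/3, open_gun/3]).

%% Build a restricted option list for ssl:connect/4.
%% CACertFile is a PEM CA bundle path supplied by the caller (assumption).
strict_opts(CACertFile) ->
    All = ssl:cipher_suites(default, 'tlsv1.2'),
    Suites = ssl:filter_cipher_suites(All, [
        {key_exchange,
         fun(K) -> lists:member(K, [ecdhe_rsa, ecdhe_ecdsa]) end},
        {cipher,
         fun(C) -> lists:member(C, [aes_128_gcm, aes_256_gcm,
                                    chacha20_poly1305]) end}
    ]),
    [{versions, ['tlsv1.2']},
     {ciphers, Suites},
     %% An empty option list does not verify the peer on older OTP
     %% releases, so verification is requested explicitly here.
     {verify, verify_peer},
     {cacertfile, CACertFile}].

%% Try each named option set against Host:Port with plain ssl, so a
%% failure can be attributed to the TLS options rather than to Gun.
%% OptSets is a list of {Name, Opts} tuples.
probe(Host, Port, OptSets) ->
    {ok, _} = application:ensure_all_started(ssl),
    [{Name, try_connect(Host, Port, Opts)} || {Name, Opts} <- OptSets].

try_connect(Host, Port, Opts) ->
    case ssl:connect(Host, Port, Opts, 5000) of
        {ok, Sock} ->
            {ok, Info} = ssl:connection_information(
                           Sock, [protocol, selected_cipher_suite]),
            ok = ssl:close(Sock),
            {ok, Info};
        {error, Reason} ->
            {error, Reason}
    end.

%% Pass the same options to Gun through transport_opts, the option
%% named in the thread (Gun 1.x).
open_gun(Host, Port, TLSOpts) ->
    gun:open(Host, Port, #{transport => tls, transport_opts => TLSOpts}).

%% Usage from the shell (the CA bundle path is a constructed example):
%%   Strict = tls_probe:strict_opts("/etc/ssl/certs/ca-certificates.crt"),
%%   tls_probe:probe("sandbox.itunes.apple.com", 443,
%%                   [{default, []}, {strict, Strict}]).
```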