Open p1mps opened 4 years ago
I've been using this library for more than 1 year (thank you very much for your work btw) and since yesterday my bot started receiving ssl handshake failures when the bot was trying to connect to the rtm slack api. The stacktrace:
=> {:opts {:query-params {:token nil}, :method :get, :url "https://slack.com/api/rtm.connect"}, :error #error { :cause "Received fatal alert: handshake_failure" :via [{:type javax.net.ssl.SSLException :message "Received fatal alert: handshake_failure" :at [sun.security.ssl.Alerts getSSLException "Alerts.java" 208]}] :trace [[sun.security.ssl.Alerts getSSLException "Alerts.java" 208] [sun.security.ssl.SSLEngineImpl fatal "SSLEngineImpl.java" 1647] [sun.security.ssl.SSLEngineImpl fatal "SSLEngineImpl.java" 1615] [sun.security.ssl.SSLEngineImpl recvAlert "SSLEngineImpl.java" 1781] [sun.security.ssl.SSLEngineImpl readRecord "SSLEngineImpl.java" 1070] [sun.security.ssl.SSLEngineImpl readNetRecord "SSLEngineImpl.java" 896] [sun.security.ssl.SSLEngineImpl unwrap "SSLEngineImpl.java" 766] [javax.net.ssl.SSLEngine unwrap "SSLEngine.java" 624] [org.httpkit.client.HttpsRequest doHandshake "HttpsRequest.java" 98] [org.httpkit.client.HttpClient doRead "HttpClient.java" 177] [org.httpkit.client.HttpClient run "HttpClient.java" 474] [java.lang.Thread run "Thread.java" 748]]}}
I've traced the problem and apparently httpkit doesn't support SNI-enabled connections (see http://blog.bradlucas.com/posts/2017-10-01-updated-clojure-ads-txt-crawler/)
This is a POC for how we should instantiate the client:
(defn sni-configure [^SSLEngine ssl-engine ^URI uri] (let [^SSLParameters ssl-params (.getSSLParameters ssl-engine)] (.setServerNames ssl-params [(SNIHostName. (.getHost uri))]) (.setSSLParameters ssl-engine ssl-params))) (def client (http/make-client {:ssl-configurer sni-configure})) (require '[org.httpkit.client :as http]) (def slack-api-token (env :slack-api-token)) (def SLACK_API_URL "https://slack.com/api") (let [opts {:query-params {:token slack-api-token}} url (str SLACK_API_URL "/rtm.connect")] @(http/get url (assoc opts :client client)))
I've been using this library for more than 1 year (thank you very much for your work btw) and since yesterday my bot started receiving ssl handshake failures when the bot was trying to connect to the rtm slack api. The stacktrace:
I've traced the problem and apparently httpkit doesn't support SNI-enabled connections (see http://blog.bradlucas.com/posts/2017-10-01-updated-clojure-ads-txt-crawler/)
This is a POC for how we should instantiate the client: