search

ueberauth / oauth2

An Elixir OAuth 2.0 Client Library
MIT License
749 stars 139 forks source link

OTP 23 OAuth2.Error #149

Closed bjarki closed 4 years ago

bjarki commented 4 years ago

After updating to OTP 23 I get a runtime error.

OTP 23 removes support for sslv3

Also note that we have removed support for the legacy TLS version SSL-3.0.

[error] #PID<0.729.0> running KrabbWeb.Endpoint (connection #PID<0.728.0>, stream id 1) terminated
Server: localhost:4000 (http)
Request: GET /auth/auth0/callback?code=yu9Gk407_AVfOHgj
** (exit) an exception was raised:
** (OAuth2.Error) {:options, {:sslv3, {:versions, [:"tlsv1.2", :"tlsv1.1", :tlsv1, :sslv3]}}}
(oauth2 2.0.0) lib/oauth2/client.ex:312: OAuth2.Client.get_token!/4
(ueberauth_auth0 0.4.0) lib/ueberauth/strategy/auth0.ex:57: Ueberauth.Strategy.Auth0.handle_callback!/1
(ueberauth 0.6.3) lib/ueberauth/strategy.ex:307: Ueberauth.Strategy.run_callback/2
(krabb 0.1.0) lib/krabb_web/controllers/auth_controller.ex:1: KrabbWeb.AuthController.phoenix_controller_pipeline/2
(phoenix 1.5.1) lib/phoenix/router.ex:352: Phoenix.Router.__call__/2
(krabb 0.1.0) lib/plug/error_handler.ex:65: KrabbWeb.Router.call/2
(krabb 0.1.0) lib/krabb_web/endpoint.ex:1: KrabbWeb.Endpoint.plug_builder_call/2
(krabb 0.1.0) lib/plug/debugger.ex:132: KrabbWeb.Endpoint."call (overridable 3)"/2
(krabb 0.1.0) lib/krabb_web/endpoint.ex:1: KrabbWeb.Endpoint.call/2
(phoenix 1.5.1) lib/phoenix/endpoint/cowboy2_handler.ex:64: Phoenix.Endpoint.Cowboy2Handler.init/4
(cowboy 2.7.0) /mnt/c/Users/bjark/source/repos/krabb-survey/deps/cowboy/src/cowboy_handler.erl:41: :cowboy_handler.execute/2
(cowboy 2.7.0) /mnt/c/Users/bjark/source/repos/krabb-survey/deps/cowboy/src/cowboy_stream_h.erl:320: :cowboy_stream_h.execute/3
(cowboy 2.7.0) /mnt/c/Users/bjark/source/repos/krabb-survey/deps/cowboy/src/cowboy_stream_h.erl:302: :cowboy_stream_h.request_process/3
(stdlib 3.13) proc_lib.erl:226: :proc_lib.init_p_do_apply/3

Not sure if this is an error with this library or with https://github.com/sntran/ueberauth_auth0

kbredemeier commented 4 years ago

Stumbled across the same issue. The latest release of hackney has sslv3 in the default options for supported protocol versions. The fix is already merged to master but there is no new release yet.

rupurt commented 4 years ago

Hackney 0.16.0 is now released with the fix https://github.com/benoitc/hackney/commits/1.16.0