libmicrohttpd

Re: [libmicrohttpd] Problems with SSL/TLS


From: Christian Grothoff
Subject: Re: [libmicrohttpd] Problems with SSL/TLS
Date: Tue, 22 Dec 2009 15:56:33 +0100
User-agent: KMail/1.12.4 (Linux/2.6.31-1-amd64; KDE/4.3.4; x86_64; ; )

SSL support is known to be not playing nicely with select -- this is largely
an issue with gnuTLS and its API.  Until this is fixed, try using the
thread-per-connection mode and most likely it'll work.

Best,

Christian

On Monday 21 December 2009 19:34:21 Jesse Anderton wrote:
> I have just started using libmicrohttpd, and can't seem to get the SSL
> support working.  It may contribute to the problem that the library is
> not retrying gnutls_handshake() when it returns GNUTLS_E_AGAIN, as
> suggested in the documentation at
> http://www.gnu.org/software/gnutls/manual/html_node/Core-functions.html#gnutls_005fhandshake,
> but it seems likely that I'm making a mistake somewhere.
> 
> I am using the following library versions:
> * libmicrohttpd - 0.4.4
> * libgcrypt - 1.4.4
> * libgpg-error - 1.7
> 
> I am using a wrapper class in C++ to invoke libmicrohttpd.  My code to
> start up the daemon is:
> 
>         // std::string _httpsKey = contents of a RSA private key
>         // std::string _httpsCertificate = contents of a certificate for _httpsKey
>         _daemon = MHD_start_daemon( MHD_USE_SELECT_INTERNALLY                 // We don't need to implement our own select
>                                   | MHD_USE_DEBUG                             // Output messages to the errorCallback
>                                   | ( _httpsKey.empty() ? 0 : MHD_USE_SSL )   // Enable SSL/TLS if so requested
>                                   , port
>                                   , &webClientAuthCallback, this
>                                   , &webCallback, this
>                                   , MHD_OPTION_THREAD_POOL_SIZE, _options[ THREAD_POOL_SIZE ]
>                                   , MHD_OPTION_CONNECTION_LIMIT, _options[ CONNECTION_LIMIT ]
>                                   , MHD_OPTION_PER_IP_CONNECTION_LIMIT, _options[ PER_IP_CONNECTION_LIMIT ]
>                                   , MHD_OPTION_CONNECTION_TIMEOUT, _options[ CONNECTION_TIMEOUT ]
>                                   , MHD_OPTION_URI_LOG_CALLBACK, uriLogCallback, this
>                                   , MHD_OPTION_EXTERNAL_LOGGER, webErrorCallback, this
>                                   , MHD_OPTION_HTTPS_MEM_KEY, _httpsKey.c_str()
>                                   , MHD_OPTION_HTTPS_MEM_CERT, _httpsCertificate.c_str()
>                                   , MHD_OPTION_END );
> 
> I am also using HTTP basic auth in webCallback(), using code very
> similar to that in the tutorial which has been proven to work without
> using TLS.
> 
> The private key and certificate were both generated by the commands
> listed in the libmicrohttpd tutorial:
> openssl genrsa -out server.key 1024
> openssl req -days 365 -out server.pem -new -x509 -key server.key
> 
> If I fetch a page with a URL like https://host:port/some/file.html I
> get the following messages in webErrorCallback():
> 
> Google Chrome 4.0.249.30:
> Error: Handshake has failed (-28)
> Error: Handshake has failed (-28)
> Error: unrecognized TLS message type: 0, connection state: secure connection init. l: 254, f: MHD_tls_connection_handle_read
> 
> Mozilla Firefox 3.5.5:
> Error: unrecognized TLS message type: 128, connection state: secure connection init. l: 254, f: MHD_tls_connection_handle_read
> 
> Microsoft Internet Explorer 6.0:
> Error: unrecognized TLS message type: 128, connection state: secure connection init. l: 254, f: MHD_tls_connection_handle_read
> 
> Note that -28 is the value of GNUTLS_E_AGAIN.
> 
> Can anyone offer a hand?
> 
> Thanks for your time,
> 
> Jesse Anderton
> 

-- 
http://grothoff.org/christian/
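
The retry-on-GNUTLS_E_AGAIN behaviour discussed in this thread, shown as an added example that is not code from either poster or from libmicrohttpd: a toy handshake over a non-blocking socketpair stands in for gnutls_handshake(). The names `hs_step`, `hs_retry`, `demo`, `E_FATAL` and `HELLO_LEN` are hypothetical; only the value -28 comes from the thread.

```c
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <sys/socket.h>
#include <unistd.h>
#define E_AGAIN (-28)  /* value of GNUTLS_E_AGAIN quoted in the thread */
#define E_FATAL (-1)   /* constructed: any non-retryable failure */
#define HELLO_LEN 8    /* constructed: bytes the toy handshake must read */
struct hs { int fd; size_t got; char buf[HELLO_LEN]; };

/* One non-blocking step: 0 = finished, E_AGAIN = call again when readable. */
static int hs_step(struct hs *h) {
    while (h->got < HELLO_LEN) {
        ssize_t n = recv(h->fd, h->buf + h->got, HELLO_LEN - h->got, 0);
        if (n > 0) { h->got += (size_t)n; continue; }
        if (n < 0 && errno == EINTR) continue;
        if (n < 0 && (errno == EAGAIN || errno == EWOULDBLOCK)) return E_AGAIN;
        return E_FATAL; /* peer closed or hard socket error */
    }
    return 0;
}

/* Retry driver: wait for readability, step, repeat while the step says AGAIN. */
static int hs_retry(struct hs *h, int timeout_ms) {
    for (;;) {
        struct pollfd p = { .fd = h->fd, .events = POLLIN };
        int pr = poll(&p, 1, timeout_ms);
        if (pr == 0 || (pr < 0 && errno != EINTR)) return E_FATAL;
        int rc = hs_step(h);
        if (rc != E_AGAIN) return rc;
    }
}

/* Constructed scenario: the peer's hello arrives in two fragments. */
static int demo(int *first_rc) {
    int sv[2];
    struct hs h = { 0 };
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return E_FATAL;
    if (fcntl(sv[0], F_SETFL, O_NONBLOCK) != 0) return E_FATAL;
    h.fd = sv[0];
    if (write(sv[1], "HEL", 3) != 3) return E_FATAL;
    *first_rc = hs_step(&h);   /* a caller that stops here reports failure */
    if (write(sv[1], "LO-OK", 5) != 5) return E_FATAL;
    int rc = hs_retry(&h, 1000);
    close(sv[0]); close(sv[1]);
    return rc;
}

int main(void) { int first = 0; return demo(&first); }
```

A caller that treats the first `hs_step` result as final sees -28 and drops the connection, while the same connection completes once the step is repeated after the socket becomes readable.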



