libmicrohttpd

Re: [libmicrohttpd] Problems with SSL/TLS


From: Christian Grothoff
Subject: Re: [libmicrohttpd] Problems with SSL/TLS
Date: Wed, 23 Dec 2009 19:42:30 +0100
User-agent: KMail/1.12.4 (Linux/2.6.31-1-amd64; KDE/4.3.4; x86_64; ; )

Dear Jesse,

poll support was added after 0.4.4 (see ChangeLog).  The version constant in 
SVN HEAD will be updated once we make the next release to allow for an easy 
test for this feature.

And no, you do not need MHD_USE_POLL for MHD_USE_SELECT_INTERNALLY.  

Best,

Christian

On Wednesday 23 December 2009 15:27:01 Jesse Anderton wrote:
> Christian,
> 
> Thanks for your advice!  I tried replacing MHD_USE_SELECT_INTERNALLY
> with MHD_USE_THREAD_PER_CONNECTION and it failed with a different error.
> Do I need to use this in conjunction with MHD_USE_POLL?  If so, do you
> know whether this option is only available in the development version of
> libmicrohttpd, or whether it's an option for configure to find?  It isn't
> defined in my copy of microhttpd.h, but my copy has the same value for
> MHD_VERSION as the version in the documentation at
> http://www.gnu.org/software/libmicrohttpd/doxygen/dc/d0c/microhttpd_8h_source.html
> (which does include MHD_USE_POLL).  That is, both contain the line:
> 
> #define MHD_VERSION 0x00040400
> 
> 
> Thanks again,
> 
> Jesse Anderton
> 
> On Tue, Dec 22, 2009 at 9:56 AM, Christian Grothoff <address@hidden> wrote:
> > SSL support is known to be not playing nicely with select -- this is
> > largely an issue with gnuTLS and its API.  Until this is fixed, try using
> > the thread-per-connection mode and most likely it'll work.
> >
> > Best,
> >
> > Christian
> >
> > On Monday 21 December 2009 19:34:21 Jesse Anderton wrote:
> > > > I have just started using libmicrohttpd, and can't seem to get the SSL
> > > > support working.  It may contribute to the problem that the library is
> > > > not retrying gnutls_handshake() when it returns GNUTLS_E_AGAIN, as
> > > > suggested in the documentation at
> > > > http://www.gnu.org/software/gnutls/manual/html_node/Core-functions.html#gnutls_005fhandshake,
> > > > but it seems likely that I'm making a mistake somewhere.
> >
> > > I am using the following library versions:
> > > * libmicrohttpd - 0.4.4
> > > * libgcrypt - 1.4.4
> > > * libgpg-error - 1.7
> > >
> > > I am using a wrapper class in C++ to invoke libmicrohttpd.  My code to
> > > start up the daemon is:
> > >
> > > >         // std::string _httpsKey = contents of a RSA private key
> > > >         // std::string _httpsCertificate = contents of a certificate for _httpsKey
> > > >         _daemon = MHD_start_daemon( MHD_USE_SELECT_INTERNALLY                 // We don't need to implement our own select
> > > >                                   | MHD_USE_DEBUG                             // Output messages to the errorCallback
> > > >                                   | ( _httpsKey.empty() ? 0 : MHD_USE_SSL )   // Enable SSL/TLS if so requested
> > > >                                   , port
> > > >                                   , &webClientAuthCallback, this
> > > >                                   , &webCallback, this
> > > >                                   , MHD_OPTION_THREAD_POOL_SIZE, _options[ THREAD_POOL_SIZE ]
> > > >                                   , MHD_OPTION_CONNECTION_LIMIT, _options[ CONNECTION_LIMIT ]
> > > >                                   , MHD_OPTION_PER_IP_CONNECTION_LIMIT, _options[ PER_IP_CONNECTION_LIMIT ]
> > > >                                   , MHD_OPTION_CONNECTION_TIMEOUT, _options[ CONNECTION_TIMEOUT ]
> > > >                                   , MHD_OPTION_URI_LOG_CALLBACK, uriLogCallback, this
> > > >                                   , MHD_OPTION_EXTERNAL_LOGGER, webErrorCallback, this
> > > >                                   , MHD_OPTION_HTTPS_MEM_KEY, _httpsKey.c_str()
> > > >                                   , MHD_OPTION_HTTPS_MEM_CERT, _httpsCertificate.c_str()
> > > >                                   , MHD_OPTION_END );
> > >
> > > I am also using HTTP basic auth in webCallback(), using code very
> > > similar to that in the tutorial which has been proven to work without
> > > using TLS.
> > >
> > > The private key and certificate were both generated by the commands
> > > listed in the libmicrohttpd tutorial:
> > > openssl genrsa -out server.key 1024
> > > openssl req -days 365 -out server.pem -new -x509 -key server.key
> > >
> > > If I fetch a page with a URL like https://host:port/some/file.html I
> > > get the following messages in webErrorCallback():
> > >
> > > > Google Chrome 4.0.249.30:
> > > > Error: Handshake has failed (-28)
> > > > Error: Handshake has failed (-28)
> > > > Error: unrecognized TLS message type: 0, connection state: secure connection init. l: 254, f: MHD_tls_connection_handle_read
> > > >
> > > > Mozilla Firefox 3.5.5:
> > > > Error: unrecognized TLS message type: 128, connection state: secure connection init. l: 254, f: MHD_tls_connection_handle_read
> > > >
> > > > Microsoft Internet Explorer 6.0:
> > > > Error: unrecognized TLS message type: 128, connection state: secure connection init. l: 254, f: MHD_tls_connection_handle_read
> > >
> > > Note that -28 is the value of GNUTLS_E_AGAIN.
> > >
> > > Can anyone offer a hand?
> > >
> > > Thanks for your time,
> > >
> > > Jesse Anderton
> >
> > --
> > http://grothoff.org/christian/
> 

-- 
http://grothoff.org/christian/
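
Added example (not part of the thread and not libmicrohttpd's code): the retry pattern the original question refers to, where a handshake call on a non-blocking socket is repeated while it reports -28 (GNUTLS_E_AGAIN) instead of being treated as failed. The handshake is abstracted as a callback so the sketch runs without GnuTLS; drive_handshake, hs_step_fn, fake_session, demo and HS_GAVE_UP are hypothetical names, and -52 is GnuTLS's GNUTLS_E_INTERRUPTED.

```c
#include <errno.h>
#include <poll.h>
#include <sys/socket.h>
#include <unistd.h>

#define E_AGAIN       (-28)    /* GNUTLS_E_AGAIN, the value quoted in the thread */
#define E_INTERRUPTED (-52)    /* GNUTLS_E_INTERRUPTED */
#define HS_GAVE_UP    (-1000)  /* local code for this sketch, not a GnuTLS value */

/* One handshake step. Real code would wrap gnutls_handshake(session) and set
 * *want_write from gnutls_record_get_direction(session). */
typedef int (*hs_step_fn)(void *ctx, int *want_write);

/* Repeat the step while it reports a non-fatal "try again", sleeping in poll()
 * until the socket is ready. Returns 0, HS_GAVE_UP, or the fatal error code. */
int drive_handshake(int fd, hs_step_fn step, void *ctx, int max_tries, int wait_ms)
{
    for (int i = 0; i < max_tries; i++) {
        int want_write = 0;
        int rc = step(ctx, &want_write);
        if (rc != E_AGAIN && rc != E_INTERRUPTED)
            return rc;                     /* finished (0) or fatal (< 0) */
        struct pollfd p = { .fd = fd, .events = want_write ? POLLOUT : POLLIN };
        if (poll(&p, 1, wait_ms) < 0 && errno != EINTR)
            return -errno;                 /* the socket itself is broken */
    }
    return HS_GAVE_UP;                     /* bounded: never spin forever */
}

/* Constructed stand-in for a TLS session: E_AGAIN `pending` times, then `final`. */
struct fake_session { int pending; int final; int calls; };

static int fake_step(void *ctx, int *want_write)
{
    struct fake_session *s = ctx;
    *want_write = 0;                       /* pretend we are waiting to read */
    s->calls++;
    return s->pending-- > 0 ? E_AGAIN : s->final;
}

/* Runs the driver over a socketpair; returns step calls on success, else the error. */
int demo(int pending, int final, int max_tries)
{
    int sv[2];
    struct fake_session s = { pending, final, 0 };
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return -errno;
    int rc = write(sv[1], "x", 1) == 1     /* peer data, so poll() returns at once */
           ? drive_handshake(sv[0], fake_step, &s, max_tries, 20) : -1;
    close(sv[0]); close(sv[1]);
    return rc == 0 ? s.calls : rc;
}

int main(void) { return demo(2, 0, 10) == 3 ? 0 : 1; }
```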



