On Wednesday 23 December 2009 15:27:01 Jesse Anderton wrote:
> Christian,
>
> Thanks for your advice! I tried replacing MHD_USE_SELECT_INTERNALLY
> with MHD_USE_THREAD_PER_CONNECTION and it failed with a different error.
> Do I need to use this in conjunction with MHD_USE_POLL? If so, do you
> know whether this option is only available in the development version of
> libmicrohttpd, or whether it's an option for configure to find? It isn't
> defined in my copy of microhttpd.h, but my copy has the same value for
> MHD_VERSION as the version in the documentation at
>
http://www.gnu.org/software/libmicrohttpd/doxygen/dc/d0c/microhttpd_8h_sour
> ce.html (which does include MHD_USE_POLL). That is, both contain the line:
>
> #define MHD_VERSION 0x00040400
>
>
> Thanks again,
>
> Jesse Anderton
>
> On Tue, Dec 22, 2009 at 9:56 AM, Christian Grothoff
>
> <
address@hidden>wrote:
> > SSL support is known to be not playing nicely with select -- this is
> > largely
> > an issue with gnuTLS and its API. Until this is fixed, try using the
> > thread-
> > per-connection mode and most likely it'll work.
> >
> > Best,
> >
> > Christian
> >
> > On Monday 21 December 2009 19:34:21 Jesse Anderton wrote:
> > > I have just started using libmicrohttpd, and can't seem to get the SSL
> > > support working. It may contribute to the problem that the library is
> > > not retrying gnutls_handshake() when it returns GNUTLS_E_AGAIN, as
> > > suggested in the documentation at
> >
> >
http://www.gnu.org/software/gnutls/manual/html_node/Core-functions.html#g
> >nu
> >
> > > tls_005fhandshake, but it seems likely that I'm making a mistake
> >
> > somewhere.
> >
> > > I am using the following library versions:
> > > * libmicrohttpd - 0.4.4
> > > * libgcrypt - 1.4.4
> > > * libgpg-error - 1.7
> > >
> > > I am using a wrapper class in C++ to invoke libmicrohttpd. My code to
> > > start up the daemon is:
> > >
> > > // std::string _httpsKey = contents of a RSA private key
> > > // std::string _httpsCertificate = contents of a certificate
> > > for _httpsKey
> > > _daemon = MHD_start_daemon( MHD_USE_SELECT_INTERNALLY
> > > // We don't need to implement our own select
> > >
> > > | MHD_USE_DEBUG
> > >
> > > // Output messages to the errorCallback
> > >
> > > | ( _httpsKey.empty() ? 0 :
> > >
> > > MHD_USE_SSL ) // Enable SSL/TLS if so requested
> > > , port
> > > , &webClientAuthCallback, this
> > > , &webCallback, this
> > > , MHD_OPTION_THREAD_POOL_SIZE,
> > > _options[ THREAD_POOL_SIZE ]
> > > , MHD_OPTION_CONNECTION_LIMIT,
> > > _options[ CONNECTION_LIMIT ]
> > > ,
> > > MHD_OPTION_PER_IP_CONNECTION_LIMIT, _options[ PER_IP_CONNECTION_LIMIT
> > > ]
> > > , MHD_OPTION_CONNECTION_TIMEOUT,
> > > _options[ CONNECTION_TIMEOUT ]
> > > , MHD_OPTION_URI_LOG_CALLBACK,
> > > uriLogCallback, this
> > > , MHD_OPTION_EXTERNAL_LOGGER,
> > > webErrorCallback, this
> > > , MHD_OPTION_HTTPS_MEM_KEY,
> > > _httpsKey.c_str() , MHD_OPTION_HTTPS_MEM_CERT,
> > > _httpsCertificate.c_str()
> > > , MHD_OPTION_END );
> > >
> > > I am also using HTTP basic auth in webCallback(), using code very
> > > similar to that in the tutorial which has been proven to work without
> > > using TLS.
> > >
> > > The private key and certificate were both generated by the commands
> > > listed in the libmicrohttpd tutorial:
> > > openssl genrsa -out server.key 1024
> > > openssl req -days 365 -out server.pem -new -x509 -key server.key
> > >
> > > If I fetch a page with a URL like https://host:port/some/file.html I
> > > get the following messages in webErrorCallback():
> > >
> > > Google Chrome
4.0.249.30:
> > > Error: Handshake has failed (-28)
> > > Error: Handshake has failed (-28)
> > > Error: unrecognized TLS message type: 0, connection state: secure
> > > connection init. l: 254, f: MHD_tls_connection_handle_read
> > >
> > > Mozilla Firefox 3.5.5:
> > > Error: unrecognized TLS message type: 128, connection state: secure
> > > connection init. l: 254, f: MHD_tls_connection_handle_read
> > >
> > > Microsoft Internet Explorer 6.0:
> > > Error: unrecognized TLS message type: 128, connection state: secure
> > > connection init. l: 254, f: MHD_tls_connection_handle_read
> > >
> > > Note that -28 is the value of GNUTLS_E_AGAIN.
> > >
> > > Can anyone offer a hand?
> > >
> > > Thanks for your time,
> > >
> > > Jesse Anderton
> >
> > --
> >
http://grothoff.org/christian/
>