libmicrohttpd

Re: [libmicrohttpd] Problems with SSL/TLS


From: address@hidden
Subject: Re: [libmicrohttpd] Problems with SSL/TLS
Date: Tue, 05 Jan 2010 09:14:39 -0500

https://ng.gnunet.org/svn/libmicrohttpd/src/examples/https_fileserver_example.c
https://ng.gnunet.org/svn/libmicrohttpd/src/testcurl/https/tls_authentication_test.c

You can run the tls_authentication_test with 'make check'.

On Mon, 2010-01-04 at 11:27 -0500, Jesse Anderton wrote:
> I'm still struggling with this.  I can't get the code example from
> http://www.gnu.org/software/libmicrohttpd/tutorial.html#tlsauthentication_002ec
> working with either MHD_USE_SELECT_INTERNALLY or
> MHD_USE_THREAD_PER_CONNECTION: the program compiles and launches, but any
> browser I try to connect with waits indefinitely.  If I kill the server the
> browsers immediately give up, so I know they have an open socket to the
> server.
> 
> 
> Does anybody have a working TLS example I could start from?  I'm
> almost out of time to add TLS to my web server, but I'd strongly
> prefer to use libmicrohttpd's built in support instead of
> re-implementing the feature in my own custom select handler.
> 
> 
> Thanks for your time,
> 
> 
> Jesse
> 
> On Thu, Dec 24, 2009 at 12:16 PM, Jesse Anderton
> <address@hidden> wrote:
>         Christian,
>         
>         
>         I decided to start with the example in the tutorial at
>         http://www.gnu.org/software/libmicrohttpd/tutorial.html#tlsauthentication_002ec
>         and incrementally change it until the code is set up the way I need
>         it for my program.  To my surprise, the tutorial itself didn't work -
>         Chrome reports:
>         
>         
>         Error 107 (net::ERR_SSL_PROTOCOL_ERROR): Unknown error
>         
>         
>         IE simply says it couldn't load the page.
>         
>         
>         This makes me think that my problem is more likely caused by,
>         say, the version of libgcrypt I'm using.  I get the same error
>         in both Linux and Solaris, so it seems unlikely to be one of
>         the other system libraries I'm linking to.
>         
>         
>         Any idea which version of libgcrypt the code was tested with?
>         
>         
>         Thanks,
>         
>         
>         Jesse Anderton
>         
>         
>         On Wed, Dec 23, 2009 at 1:42 PM, Christian Grothoff
>         <address@hidden> wrote:
>                 Dear Jesse,
>                 
>                 poll support was added after 0.4.4 (see ChangeLog).  The
>                 version constant in SVN HEAD will be updated once we make
>                 the next release to allow for an easy test for this feature.
>                 
>                 And no, you do not need MHD_USE_POLL for
>                 MHD_USE_SELECT_INTERNALLY.
>                 
>                 Best,
>                 
>                 Christian
>                 
>                 
>                 On Wednesday 23 December 2009 15:27:01 Jesse Anderton
>                 wrote:
>                 > Christian,
>                 >
>                 > Thanks for your advice!  I tried replacing MHD_USE_SELECT_INTERNALLY
>                 > with MHD_USE_THREAD_PER_CONNECTION and it failed with a different
>                 > error.  Do I need to use this in conjunction with MHD_USE_POLL?  If
>                 > so, do you know whether this option is only available in the
>                 > development version of libmicrohttpd, or whether it's an option for
>                 > configure to find?  It isn't defined in my copy of microhttpd.h, but
>                 > my copy has the same value for MHD_VERSION as the version in the
>                 > documentation at
>                 > http://www.gnu.org/software/libmicrohttpd/doxygen/dc/d0c/microhttpd_8h_source.html
>                 > (which does include MHD_USE_POLL).  That is, both contain the line:
>                 >
>                 > #define MHD_VERSION 0x00040400
>                 >
>                 >
>                 > Thanks again,
>                 >
>                 > Jesse Anderton
>                 >
>                 > On Tue, Dec 22, 2009 at 9:56 AM, Christian Grothoff
>                 > <address@hidden> wrote:
>                 > > SSL support is known to be not playing nicely with select -- this
>                 > > is largely an issue with gnuTLS and its API.  Until this is fixed,
>                 > > try using the thread-per-connection mode and most likely it'll work.
>                 > >
>                 > > Best,
>                 > >
>                 > > Christian
>                 > >
>                 > > On Monday 21 December 2009 19:34:21 Jesse Anderton wrote:
>                 > > > I have just started using libmicrohttpd, and can't seem to get
>                 > > > the SSL support working.  It may contribute to the problem that
>                 > > > the library is not retrying gnutls_handshake() when it returns
>                 > > > GNUTLS_E_AGAIN, as suggested in the documentation at
>                 > > > http://www.gnu.org/software/gnutls/manual/html_node/Core-functions.html#gnutls_005fhandshake,
>                 > > > but it seems likely that I'm making a mistake somewhere.
>                 > >
>                 > > > I am using the following library versions:
>                 > > > * libmicrohttpd - 0.4.4
>                 > > > * libgcrypt - 1.4.4
>                 > > > * libgpg-error - 1.7
>                 > > >
>                 > > > I am using a wrapper class in C++ to invoke libmicrohttpd.  My
>                 > > > code to start up the daemon is:
>                 > > >
>                 > > >         // std::string _httpsKey = contents of a RSA private key
>                 > > >         // std::string _httpsCertificate = contents of a certificate for _httpsKey
>                 > > >         _daemon = MHD_start_daemon(
>                 > > >               MHD_USE_SELECT_INTERNALLY                 // We don't need to implement our own select
>                 > > >             | MHD_USE_DEBUG                             // Output messages to the errorCallback
>                 > > >             | ( _httpsKey.empty() ? 0 : MHD_USE_SSL )   // Enable SSL/TLS if so requested
>                 > > >             , port
>                 > > >             , &webClientAuthCallback, this
>                 > > >             , &webCallback, this
>                 > > >             , MHD_OPTION_THREAD_POOL_SIZE, _options[ THREAD_POOL_SIZE ]
>                 > > >             , MHD_OPTION_CONNECTION_LIMIT, _options[ CONNECTION_LIMIT ]
>                 > > >             , MHD_OPTION_PER_IP_CONNECTION_LIMIT, _options[ PER_IP_CONNECTION_LIMIT ]
>                 > > >             , MHD_OPTION_CONNECTION_TIMEOUT, _options[ CONNECTION_TIMEOUT ]
>                 > > >             , MHD_OPTION_URI_LOG_CALLBACK, uriLogCallback, this
>                 > > >             , MHD_OPTION_EXTERNAL_LOGGER, webErrorCallback, this
>                 > > >             , MHD_OPTION_HTTPS_MEM_KEY,  _httpsKey.c_str() , MHD_OPTION_HTTPS_MEM_CERT, _httpsCertificate.c_str()
>                 > > >             , MHD_OPTION_END );
>                 > > >
>                 > > > I am also using HTTP basic auth in webCallback(), using code very
>                 > > > similar to that in the tutorial which has been proven to work
>                 > > > without using TLS.
>                 > > >
>                 > > > The private key and certificate were both generated by the
>                 > > > commands listed in the libmicrohttpd tutorial:
>                 > > > openssl genrsa -out server.key 1024
>                 > > > openssl req -days 365 -out server.pem -new -x509 -key server.key
>                 > > >
>                 > > > If I fetch a page with a URL like https://host:port/some/file.html
>                 > > > I get the following messages in webErrorCallback():
>                 > > >
>                 > > > Google Chrome 4.0.249.30:
>                 > > > Error: Handshake has failed (-28)
>                 > > > Error: Handshake has failed (-28)
>                 > > > Error: unrecognized TLS message type: 0, connection state: secure connection init. l: 254, f: MHD_tls_connection_handle_read
>                 > > >
>                 > > > Mozilla Firefox 3.5.5:
>                 > > > Error: unrecognized TLS message type: 128, connection state: secure connection init. l: 254, f: MHD_tls_connection_handle_read
>                 > > >
>                 > > > Microsoft Internet Explorer 6.0:
>                 > > > Error: unrecognized TLS message type: 128, connection state: secure connection init. l: 254, f: MHD_tls_connection_handle_read
>                 > > >
>                 > > > Note that -28 is the value of GNUTLS_E_AGAIN.
>                 > > >
>                 > > > Can anyone offer a hand?
>                 > > >
>                 > > > Thanks for your time,
>                 > > >
>                 > > > Jesse Anderton
>                 > >
>                 > > --
>                 > > http://grothoff.org/christian/
>                 >
>                 
>                 
>                 --
>                 http://grothoff.org/christian/
>         
>         
> 
> 
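
The retry behaviour raised in the first message of the thread, as an added example that is not part of the thread or of libmicrohttpd: a non-blocking handshake that returns GNUTLS_E_AGAIN (-28) is retried once select() reports the socket ready, instead of being logged as a failed handshake. `drive_handshake`, `handshake_step_fn`, `fake_step` and `demo` are hypothetical names; with GnuTLS the callback would wrap gnutls_handshake() and take the wait direction from gnutls_record_get_direction().

```c
#include <errno.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <unistd.h>

/* Values of GNUTLS_E_AGAIN / GNUTLS_E_INTERRUPTED, so no GnuTLS headers are needed. */
#define E_AGAIN       (-28)
#define E_INTERRUPTED (-52)

/* Hypothetical callback: one handshake attempt. Returns 0 when done, E_AGAIN or
   E_INTERRUPTED for "retry", another negative code when fatal; sets *want_write. */
typedef int (*handshake_step_fn)(void *session, int *want_write);

/* Returns 0 on success, the fatal code on failure, -1 on timeout or select error. */
int drive_handshake(handshake_step_fn step, void *session, int fd,
                    int timeout_sec, int *attempts)
{
    for (*attempts = 0;;) {
        int want_write = 0, rc = step(session, &want_write);
        (*attempts)++;
        if (rc == 0) return 0;                                /* handshake complete */
        if (rc != E_AGAIN && rc != E_INTERRUPTED) return rc;  /* real failure */
        /* -28 only means "not ready yet": wait for the socket, then retry. */
        fd_set fds;
        struct timeval tv = { timeout_sec, 0 };
        FD_ZERO(&fds); FD_SET(fd, &fds);
        int n = select(fd + 1, want_write ? NULL : &fds,
                       want_write ? &fds : NULL, NULL, &tv);
        if (n < 0 && errno == EINTR) continue;                /* signal: try again */
        if (n <= 0) return -1;                                /* timeout or error */
    }
}

/* Constructed stand-in session: asks for `*session` retries, then succeeds. */
static int fake_step(void *session, int *want_write)
{
    *want_write = 0;                                          /* blocked on reading */
    return (*(int *)session)-- > 0 ? E_AGAIN : 0;
}

/* Demo on a socketpair; `ready` queues a byte so the polled end is readable. */
int demo(int retries, int ready, int *attempts)
{
    int sv[2], rc = -1;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return -1;
    if (!ready || write(sv[1], "x", 1) == 1)
        rc = drive_handshake(fake_step, &retries, sv[0], 0, attempts);
    close(sv[0]); close(sv[1]);
    return rc;
}
```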





