[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [libmicrohttpd] Problems with SSL/TLS
From: |
Jesse Anderton |
Subject: |
Re: [libmicrohttpd] Problems with SSL/TLS |
Date: |
Tue, 5 Jan 2010 14:46:14 -0500 |
Christian,
Thanks a lot for checking this out for me! I'm not sure what I'm doing differently, but now I know that the code should work. I was a little concerned since the documentation for MHD_USE_SSL at
http://www.gnu.org/software/libmicrohttpd/microhttpd.html#SEC2 indicates that SSL is not yet supported. Most likely that comment just needs to be updated.
Here's what happens when I attempt to duplicate your test:
1. I copied the server.* files you sent along with the latest tlsauthentication.c from svn HEAD into a folder. I added MHD_USE_DEBUG in order to get the output below (it fails either way).
2. I compiled the program like so (using g++ 3.3.3):
gcc -o fs tlsauthentication.c -Iinclude -lmicrohttpd -lgcrypt -lgpg-error -lsocket -lpthread -L~/dev/ext/lib/solaris_gcc3/static
Note that I am linking statically, so I had to add a couple more libraries. I am also not using make install (because of company policies) so I have to provide an explicit path to these libraries.
4. I press Enter on the terminal running fs to stop it. The browser immediately gives up. fs outputs the following:
Error: Handshake has failed (-28)
I tried this with MHD_USE_THREAD_PER_CONNECTION and with MHD_USE_SELECT_INTERNALLY and got the same results in both modes.
Perhaps I'm missing a library? I ran ldd on fs so you could compare it to yours and got:
$ldd fs
libsocket.so.1 => /usr/lib/libsocket.so.1
libpthread.so.1 => /usr/lib/libpthread.so.1
libc.so.1 => /usr/lib/libc.so.1
libnsl.so.1 => /usr/lib/libnsl.so.1
libdl.so.1 => /usr/lib/libdl.so.1
libmp.so.2 => /usr/lib/libmp.so.2
libthread.so.1 => /usr/lib/libthread.so.1
/usr/platform/SUNW,Sun-Fire-V210/lib/libc_psr.so.1
In case it's relevant, I'm compiling with g++ 3.3.3.
Kind regards,
Jesse
On Tue, Jan 5, 2010 at 10:37 AM, Christian Grothoff
<address@hidden> wrote:
Dear Jesse,
I've just tried this myself, and it worked as expected. I first used openssl
to generate the KEY, PEM and CERT files:
$ cd svn/libmicrohttpd/doc/examples/
$ openssl genrsa 1024 > server.key
$ openssl req -new -x509 -nodes -sha1 -days 365 -key server.key > server.cert
$ cat server.cert server.key > server.pem
Then I compiled the example
$ gcc -o fs tlsauthentication.c -I ~/include/ -I ../../src/include/ -I ../.. -
I ../daemon/https/ -lmicrohttpd
Started fs
$ ./fs
and then accessed https://localhost:8888/ using firefox (3.5.6). It "warned"
me about the self-signed cert (also attached for your reference), I confirmed
that I knew what I was doing, then was prompted for username & password
(entered those from the source code) and then got the "secret" page.
So I cannot confirm your problem. This was on Ubuntu GNU/linux (karmic) using
the example as given in SVN HEAD.
I hope this helps...
Best,
Christian