libmicrohttpd
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [libmicrohttpd] Problems with SSL/TLS


From: Christian Grothoff
Subject: Re: [libmicrohttpd] Problems with SSL/TLS
Date: Fri, 8 Jan 2010 10:58:13 +0100
User-agent: KMail/1.12.4 (Linux/2.6.31-1-amd64; KDE/4.3.4; x86_64; ; )

On Tuesday 05 January 2010 20:46:14 Jesse Anderton wrote:
> Christian,
> 
> Thanks a lot for checking this out for me!  I'm not sure what I'm doing
> differently, but now I know that the code should work.  I was a little
> concerned since the documentation for MHD_USE_SSL at
> http://www.gnu.org/software/libmicrohttpd/microhttpd.html#SEC2 indicates
> that SSL is not yet supported.  Most likely that comment just needs to be
> updated.

Right, in fact, I simply had to re-run texi2html and sync the webpage with 
what was in SVN to fix this.  Should be fixed now.
 
> Here's what happens when I attempt to duplicate your test:
> 
> 1. I copied the server.* files you sent along with the latest
> tlsauthentication.c from svn HEAD into a folder.  I added MHD_USE_DEBUG in
> order to get the output below (it fails either way).
> 
> 2. I compiled the program like so (using g++ 3.3.3):
> 
> gcc -o fs tlsauthentication.c -Iinclude -lmicrohttpd -lgcrypt -lgpg-error
> 
> > -lsocket -lpthread -L~/dev/ext/lib/solaris_gcc3/static
> 
> Note that I am linking statically, so I had to add a couple more libraries.
>  I am also not using make install (because of company policies) so I have
>  to provide an explicit path to these libraries.
> 
> 3. I start the program and browse to https://testhost:8888/something.html.
>  The browser appears to wait indefinitely to complete the SSL handshake.
> 
> 4. I press Enter on the terminal running fs to stop it.  The browser
> immediately gives up.  fs outputs the following:
> 
> Error: Handshake has failed (-28)
> 
> 
> I tried this with MHD_USE_THREAD_PER_CONNECTION and with
> MHD_USE_SELECT_INTERNALLY and got the same results in both modes.
> 
> Perhaps I'm missing a library?  I ran ldd on fs so you could compare it to
> yours and got:
> 
> $ldd fs
> 
>         libsocket.so.1 =>        /usr/lib/libsocket.so.1
> 
>         libpthread.so.1 =>       /usr/lib/libpthread.so.1
> 
>         libc.so.1 =>     /usr/lib/libc.so.1
> 
>         libnsl.so.1 =>   /usr/lib/libnsl.so.1
> 
>         libdl.so.1 =>    /usr/lib/libdl.so.1
> 
>         libmp.so.2 =>    /usr/lib/libmp.so.2
> 
>         libthread.so.1 =>        /usr/lib/libthread.so.1
> 
>         /usr/platform/SUNW,Sun-Fire-V210/lib/libc_psr.so.1
> 
> 
> In case it's relevant, I'm compiling with g++ 3.3.3.

I don't think you are missing a library (you'd get the code dying with 
"unresolved symbol" or something like that).  Also, I'm not aware of any 
issues specific to any version of gcc/g++ --- the code is rather 
straightforward C code anyway.  

My best guess is actually related to what I see in your last line: Sun-Fire-
V210: I have never tested this on Solaris (OS) or Sparc (CPU), and my guess 
from that line is that you have both of those here. Furthermore, I doubt it is 
a Solaris issue and more likely something like a single (buggy) 64-bit big-
endian conversion which might cause this kind of trouble for UltraSparc/PPC 
archs only, and that's likely not been tested enough yet.   

So I'd suggest this: first try the same code on a GNU/Linux Intel/AMD system 
(and see if the Solaris browsers can access that site too!); then (maybe) 
check with Solaris/x86.  For debugging the issue once you have narrowed it 
down like this a bit, you might get better reporting from CURL as a HTTPS 
client (if you enable debugging).  

Happy hacking!

Christian
 
> Kind regards,
> 
> Jesse
> 
> On Tue, Jan 5, 2010 at 10:37 AM, Christian Grothoff
> 
> <address@hidden>wrote:
> > Dear Jesse,
> >
> > I've just tried this myself, and it worked as expected.  I first used
> > openssl
> > to generate the KEY, PEM and CERT files:
> >
> > $ cd svn/libmicrohttpd/doc/examples/
> > $ openssl genrsa 1024 > server.key
> > $ openssl req -new -x509 -nodes -sha1 -days 365 -key server.key >
> > server.cert
> > $ cat server.cert server.key > server.pem
> >
> > Then I compiled the example
> >
> > $ gcc -o fs tlsauthentication.c -I ~/include/ -I ../../src/include/ -I
> > ../.. -
> > I ../daemon/https/ -lmicrohttpd
> >
> > Started fs
> >
> > $ ./fs
> >
> > and then accessed https://localhost:8888/ using firefox (3.5.6).  It
> > "warned"
> > me about the self-signed cert (also attached for your reference), I
> > confirmed
> > that I knew what I was doing, then was prompted for username & password
> > (entered those from the source code) and then got the "secret" page.
> >
> > So I cannot confirm your problem.  This was on Ubuntu GNU/linux (karmic)
> > using
> > the example as given in SVN HEAD.
> >
> > I hope this helps...
> >
> > Best,
> >
> > Christian
> 

-- 
http://grothoff.org/christian/




reply via email to

[Prev in Thread] Current Thread [Next in Thread]