|
From: | Jesse Anderton |
Subject: | Re: [libmicrohttpd] Problems with SSL/TLS |
Date: | Wed, 17 Feb 2010 18:53:19 -0500 |
$ ./configure --prefix /home/jesse/tmp/libLinux --enable-messages --enable-curl --with-libgcrypt-prefix=/home/jesse/tmp/libLinux --with-libcurl=/home/jesse/tmp/libLinux
...checking for /home/jesse/tmp/libLinux/bin/curl-config... nochecking whether libcurl is usable... no...configure: Configuration Summary:Operating System: linux-gnuTarget directory: /home/jesse/tmp/libLinuxMessages: yeslibgcrypt: yeslibcurl (testing): no, many unit tests will not runHTTPS support: yesconfigure: HTTPS subsystem configuration:Client code dep.: disabled. running some test cases won't be possibleLicense : LGPL only
$ /home/jesse/tmp/libLinux/bin/curl-config --versionlibcurl 7.19.7
$ /home/jesse/tmp/libLinux/bin/curl-config --featureSSLIPv6libzNTLM
Christian,Thanks a lot for checking this out for me! I'm not sure what I'm doing differently, but now I know that the code should work. I was a little concerned since the documentation for MHD_USE_SSL at http://www.gnu.org/software/libmicrohttpd/microhttpd.html#SEC2 indicates that SSL is not yet supported. Most likely that comment just needs to be updated.Here's what happens when I attempt to duplicate your test:1. I copied the server.* files you sent along with the latest tlsauthentication.c from svn HEAD into a folder. I added MHD_USE_DEBUG in order to get the output below (it fails either way).2. I compiled the program like so (using g++ 3.3.3):gcc -o fs tlsauthentication.c -Iinclude -lmicrohttpd -lgcrypt -lgpg-error -lsocket -lpthread -L~/dev/ext/lib/solaris_gcc3/staticNote that I am linking statically, so I had to add a couple more libraries. I am also not using make install (because of company policies) so I have to provide an explicit path to these libraries.3. I start the program and browse to https://testhost:8888/something.html. The browser appears to wait indefinitely to complete the SSL handshake.4. I press Enter on the terminal running fs to stop it. The browser immediately gives up. fs outputs the following:Error: Handshake has failed (-28)I tried this with MHD_USE_THREAD_PER_CONNECTION and with MHD_USE_SELECT_INTERNALLY and got the same results in both modes.Perhaps I'm missing a library? I ran ldd on fs so you could compare it to yours and got:$ldd fslibsocket.so.1 => /usr/lib/libsocket.so.1libpthread.so.1 => /usr/lib/libpthread.so.1libc.so.1 => /usr/lib/libc.so.1libnsl.so.1 => /usr/lib/libnsl.so.1libdl.so.1 => /usr/lib/libdl.so.1libmp.so.2 => /usr/lib/libmp.so.2libthread.so.1 => /usr/lib/libthread.so.1/usr/platform/SUNW,Sun-Fire-V210/lib/libc_psr.so.1In case it's relevant, I'm compiling with g++ 3.3.3.Kind regards,JesseOn Tue, Jan 5, 2010 at 10:37 AM, Christian Grothoff <address@hidden> wrote:
Dear Jesse,
I've just tried this myself, and it worked as expected. I first used openssl
to generate the KEY, PEM and CERT files:
$ cd svn/libmicrohttpd/doc/examples/
$ openssl genrsa 1024 > server.key
$ openssl req -new -x509 -nodes -sha1 -days 365 -key server.key > server.cert
$ cat server.cert server.key > server.pem
Then I compiled the example
$ gcc -o fs tlsauthentication.c -I ~/include/ -I ../../src/include/ -I ../.. -
I ../daemon/https/ -lmicrohttpd
Started fs
$ ./fs
and then accessed https://localhost:8888/ using firefox (3.5.6). It "warned"
me about the self-signed cert (also attached for your reference), I confirmed
that I knew what I was doing, then was prompted for username & password
(entered those from the source code) and then got the "secret" page.
So I cannot confirm your problem. This was on Ubuntu GNU/linux (karmic) using
the example as given in SVN HEAD.
I hope this helps...
Best,
Christian
[Prev in Thread] | Current Thread | [Next in Thread] |