[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [libmicrohttpd] Problems with SSL/TLS
Re: [libmicrohttpd] Problems with SSL/TLS
Wed, 17 Feb 2010 18:53:19 -0500
I've finally found time to get back to TLS support in my web server. I'm having trouble getting it working either in Linux on an x86 or in Solaris on a SPARC. I decided to start tackling the problem by making sure the curl TLS tests all pass, so I downloaded and installed openssl and libcurl. However, I seem to have done something wrong: MHD's configure can't find libcurl.
I'm working in Linux, and have built all these libraries with --prefix /home/jesse/tmp/libLinux. If I run:
$ ./configure --prefix /home/jesse/tmp/libLinux --enable-messages --enable-curl --with-libgcrypt-prefix=/home/jesse/tmp/libLinux --with-libcurl=/home/jesse/tmp/libLinux
checking for /home/jesse/tmp/libLinux/bin/curl-config... no
checking whether libcurl is usable... no
configure: Configuration Summary:
Operating System: linux-gnu
Target directory: /home/jesse/tmp/libLinux
libcurl (testing): no, many unit tests will not run
configure: HTTPS subsystem configuration:
Client code dep.: disabled. running some test cases won't be possible
Curl is installed, however:
$ /home/jesse/tmp/libLinux/bin/curl-config --version
$ /home/jesse/tmp/libLinux/bin/curl-config --feature
Any idea what I should check to make configure see the library? For reference, I am using libmicrohttpd-0.4.5.
On Tue, Jan 5, 2010 at 2:46 PM, Jesse Anderton <address@hidden>
Thanks a lot for checking this out for me! I'm not sure what I'm doing differently, but now I know that the code should work. I was a little concerned since the documentation for MHD_USE_SSL at http://www.gnu.org/software/libmicrohttpd/microhttpd.html#SEC2
indicates that SSL is not yet supported. Most likely that comment just needs to be updated.
Here's what happens when I attempt to duplicate your test:
1. I copied the server.* files you sent along with the latest tlsauthentication.c from svn HEAD into a folder. I added MHD_USE_DEBUG in order to get the output below (it fails either way).
2. I compiled the program like so (using g++ 3.3.3):
gcc -o fs tlsauthentication.c -Iinclude -lmicrohttpd -lgcrypt -lgpg-error -lsocket -lpthread -L~/dev/ext/lib/solaris_gcc3/static
Note that I am linking statically, so I had to add a couple more libraries. I am also not using make install (because of company policies) so I have to provide an explicit path to these libraries.
4. I press Enter on the terminal running fs to stop it. The browser immediately gives up. fs outputs the following:
Error: Handshake has failed (-28)
I tried this with MHD_USE_THREAD_PER_CONNECTION and with MHD_USE_SELECT_INTERNALLY and got the same results in both modes.
Perhaps I'm missing a library? I ran ldd on fs so you could compare it to yours and got:
libsocket.so.1 => /usr/lib/libsocket.so.1
libpthread.so.1 => /usr/lib/libpthread.so.1
libc.so.1 => /usr/lib/libc.so.1
libnsl.so.1 => /usr/lib/libnsl.so.1
libdl.so.1 => /usr/lib/libdl.so.1
libmp.so.2 => /usr/lib/libmp.so.2
libthread.so.1 => /usr/lib/libthread.so.1
In case it's relevant, I'm compiling with g++ 3.3.3.
On Tue, Jan 5, 2010 at 10:37 AM, Christian Grothoff <address@hidden>
I've just tried this myself, and it worked as expected. I first used openssl
to generate the KEY, PEM and CERT files:
$ cd svn/libmicrohttpd/doc/examples/
$ openssl genrsa 1024 > server.key
$ openssl req -new -x509 -nodes -sha1 -days 365 -key server.key > server.cert
$ cat server.cert server.key > server.pem
Then I compiled the example
$ gcc -o fs tlsauthentication.c -I ~/include/ -I ../../src/include/ -I ../.. -
I ../daemon/https/ -lmicrohttpd
and then accessed https://localhost:8888/ using firefox (3.5.6). It "warned"
me about the self-signed cert (also attached for your reference), I confirmed
that I knew what I was doing, then was prompted for username & password
(entered those from the source code) and then got the "secret" page.
So I cannot confirm your problem. This was on Ubuntu GNU/linux (karmic) using
the example as given in SVN HEAD.
I hope this helps...
- Re: [libmicrohttpd] Problems with SSL/TLS,
Jesse Anderton <=