From: Jesse Anderton
Subject: Re: [libmicrohttpd] Problems with SSL/TLS
Date: Fri, 19 Feb 2010 14:11:43 -0500

I have traced this to a problem selecting an appropriate cipher suite. Perhaps I didn't build libgcrypt with the correct suites enabled? I ran its configure script with just the --prefix and --with-gpg-error-prefix options. Should I configure it with support for any particular suites? Alternatively, am I supposed to be telling MHD which cipher suites to use?

Here's the function call stack I'm observing:

    MHD__gnutls_handshake()
    MHD_gtls_handshake_server()
    MHD_gtls_recv_handshake()
    MHD_gtls_recv_hello()
    MHD__gnutls_read_client_hello()
    MHD_gtls_server_select_suite()

The latter function returns -21 (which is GNUTLS_E_UNKNOWN_CIPHER_SUITE), and all the others pass that error up the stack. In case it's helpful, the rest of this message contains some debug output I generated by adding a bunch of printfs to gnutls_handshake.c and running tls_extension_test. The "*** cipher test" lines were inserted into MHD_gtls_server_select_suite() just before the memcmp() call which compares available ciphers. It appears that some of these comparisons succeed, so I think I probably just need to configure MHD correctly in my program.

Thanks for your time,
Jesse

*** cipher lookup: datalen: 2; x: 1
*** cipher test j=0 i=0 ciphers[i].suite[0]=0 ciphers[i].suite[1]=53 data[j][0]=0 data[j][1]=53
HSK[889f400]: MHD__gnutls_read_client_hello() returning (0)
MHD_gtls_recv_handshake() returning with 0
HSK[889ea88]: MHD__gnutls_read_client_hello() returning (0)
MHD_gtls_recv_handshake() returning with 0
HSK[889ea88]: length32 (772)
MHD_gtls_recv_handshake() returning with 772
HSK[889ea88]: MHD__gnutls_recv_handshake_header() failed (-19)
MHD_gtls_recv_handshake() returning with 0
HSK[889f400]: length32 (258)
MHD_gtls_recv_handshake() returning with 258
HSK[889f400]: length32 (12)
MHD_gtls_recv_handshake() returning with 12
HSK[889ea88]: length32 (12)
MHD_gtls_recv_handshake() returning with 12
*** cipher lookup: datalen: 2; x: 1
*** cipher test j=0 i=0 ciphers[i].suite[0]=0 ciphers[i].suite[1]=53 data[j][0]=0 data[j][1]=47
HSK[88acfd8]: retval == GNUTLS_E_UNKNOWN_CIPHER_SUITE (-21)
HSK[88acfd8]: MHD_gtls_server_select_suite failed (-21)
HSK[88acfd8]: MHD__gnutls_read_client_hello() failed (-21)
HSK[88acfd8]: MHD_gtls_recv_hello() failed (-21)
MHD_gtls_recv_handshake() returning with -21
HSK[88acfd8]: recv hello (-21)
Error: Handshake has failed (-21)
curl_easy_perform failed: `SSL connect error'
*** cipher lookup: datalen: 2; x: 1
*** cipher test j=0 i=0 ciphers[i].suite[0]=0 ciphers[i].suite[1]=53 data[j][0]=0 data[j][1]=53
HSK[889e6d0]: MHD__gnutls_read_client_hello() returning (0)
MHD_gtls_recv_handshake() returning with 0
HSK[b7e5d6e8]: MHD__gnutls_read_client_hello() returning (0)
MHD_gtls_recv_handshake() returning with 0
HSK[b7e5d6e8]: length32 (772)
MHD_gtls_recv_handshake() returning with 772
HSK[b7e5d6e8]: MHD__gnutls_recv_handshake_header() failed (-19)
MHD_gtls_recv_handshake() returning with 0
HSK[889e6d0]: length32 (258)
MHD_gtls_recv_handshake() returning with 258
HSK[889e6d0]: length32 (12)
MHD_gtls_recv_handshake() returning with 12
HSK[b7e5d6e8]: length32 (12)
MHD_gtls_recv_handshake() returning with 12
*** cipher lookup: datalen: 2; x: 1
*** cipher test j=0 i=0 ciphers[i].suite[0]=0 ciphers[i].suite[1]=53 data[j][0]=0 data[j][1]=47
HSK[889f048]: retval == GNUTLS_E_UNKNOWN_CIPHER_SUITE (-21)
HSK[889f048]: MHD_gtls_server_select_suite failed (-21)
HSK[889f048]: MHD__gnutls_read_client_hello() failed (-21)
HSK[889f048]: MHD_gtls_recv_hello() failed (-21)
MHD_gtls_recv_handshake() returning with -21
HSK[889f048]: recv hello (-21)
Error: Handshake has failed (-21)
curl_easy_perform failed: `SSL connect error'
*** cipher lookup: datalen: 2; x: 1
*** cipher test j=0 i=0 ciphers[i].suite[0]=0 ciphers[i].suite[1]=53 data[j][0]=0 data[j][1]=53
HSK[88b8508]: MHD__gnutls_read_client_hello() returning (0)
MHD_gtls_recv_handshake() returning with 0
HSK[b7e5d6e8]: MHD__gnutls_read_client_hello() returning (0)
MHD_gtls_recv_handshake() returning with 0
HSK[b7e5d6e8]: length32 (772)
MHD_gtls_recv_handshake() returning with 772
HSK[b7e5d6e8]: MHD__gnutls_recv_handshake_header() failed (-19)
MHD_gtls_recv_handshake() returning with 0
HSK[88b8508]: length32 (258)
MHD_gtls_recv_handshake() returning with 258
HSK[88b8508]: length32 (12)
MHD_gtls_recv_handshake() returning with 12
HSK[b7e5d6e8]: length32 (12)
MHD_gtls_recv_handshake() returning with 12
*** cipher lookup: datalen: 2; x: 1
*** cipher test j=0 i=0 ciphers[i].suite[0]=0 ciphers[i].suite[1]=53 data[j][0]=0 data[j][1]=47
HSK[889dd30]: retval == GNUTLS_E_UNKNOWN_CIPHER_SUITE (-21)
HSK[889dd30]: MHD_gtls_server_select_suite failed (-21)
HSK[889dd30]: MHD__gnutls_read_client_hello() failed (-21)
HSK[889dd30]: MHD_gtls_recv_hello() failed (-21)
MHD_gtls_recv_handshake() returning with -21
HSK[889dd30]: recv hello (-21)
Error: Handshake has failed (-21)
curl_easy_perform failed: `SSL connect error'
*** cipher lookup: datalen: 2; x: 1
*** cipher test j=0 i=0 ciphers[i].suite[0]=0 ciphers[i].suite[1]=53 data[j][0]=0 data[j][1]=53
HSK[889e6a8]: MHD__gnutls_read_client_hello() returning (0)
MHD_gtls_recv_handshake() returning with 0
HSK[b7e5d6e8]: MHD__gnutls_read_client_hello() returning (0)
MHD_gtls_recv_handshake() returning with 0
HSK[b7e5d6e8]: length32 (772)
MHD_gtls_recv_handshake() returning with 772
HSK[b7e5d6e8]: MHD__gnutls_recv_handshake_header() failed (-19)
MHD_gtls_recv_handshake() returning with 0
HSK[889e6a8]: length32 (258)
MHD_gtls_recv_handshake() returning with 258
HSK[889e6a8]: length32 (12)
MHD_gtls_recv_handshake() returning with 12
HSK[b7e5d6e8]: length32 (12)
MHD_gtls_recv_handshake() returning with 12
*** cipher lookup: datalen: 2; x: 1
*** cipher test j=0 i=0 ciphers[i].suite[0]=0 ciphers[i].suite[1]=53 data[j][0]=0 data[j][1]=47
HSK[889dd30]: retval == GNUTLS_E_UNKNOWN_CIPHER_SUITE (-21)
HSK[889dd30]: MHD_gtls_server_select_suite failed (-21)
HSK[889dd30]: MHD__gnutls_read_client_hello() failed (-21)
HSK[889dd30]: MHD_gtls_recv_hello() failed (-21)
MHD_gtls_recv_handshake() returning with -21
HSK[889dd30]: recv hello (-21)
Error: Handshake has failed (-21)
curl_easy_perform failed: `SSL connect error'
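
Added example (not part of the original message and not libmicrohttpd's code): a minimal C sketch of the 2-byte cipher-suite comparison the "*** cipher test" lines trace, fed with the values those lines print. The names select_suite, suite_name and E_BAD_LENGTH are assumptions of this example; the suite names are the IANA registrations for ids {0, 47} and {0, 53}.

```c
#include <stdio.h>
#include <string.h>

#define E_UNKNOWN_CIPHER_SUITE (-21) /* error value reported in the message */
#define E_BAD_LENGTH (-1)            /* hypothetical, for this example only */

typedef struct { unsigned char suite[2]; } cipher_suite;

/* IANA names for the two suite ids that appear in the debug output. */
const char *suite_name(const unsigned char id[2])
{
    if (id[0] == 0x00 && id[1] == 0x2f) return "TLS_RSA_WITH_AES_128_CBC_SHA";
    if (id[0] == 0x00 && id[1] == 0x35) return "TLS_RSA_WITH_AES_256_CBC_SHA";
    return "unknown";
}

/* Compare every 2-byte id offered by the client (data, datalen bytes) with
 * the x suites the server has enabled. Returns the index of the matching
 * server suite, or E_UNKNOWN_CIPHER_SUITE when the two sets are disjoint.
 * The loop order (client list outer) is this example's choice. */
int select_suite(const cipher_suite *ciphers, size_t x,
                 const unsigned char *data, size_t datalen)
{
    if (datalen == 0 || datalen % 2 != 0)
        return E_BAD_LENGTH;          /* not a whole number of suite ids */
    for (size_t j = 0; j < datalen; j += 2)
        for (size_t i = 0; i < x; i++)
            if (memcmp(ciphers[i].suite, &data[j], 2) == 0)
                return (int)i;
    return E_UNKNOWN_CIPHER_SUITE;
}

int main(void)
{
    /* Constructed from the "*** cipher test" lines: one enabled suite. */
    const cipher_suite server[] = { { { 0x00, 53 } } };
    const unsigned char ok[]   = { 0x00, 53 };  /* handshake that proceeds */
    const unsigned char fail[] = { 0x00, 47 };  /* handshake that gets -21 */

    printf("server enables %s\n", suite_name(server[0].suite));
    printf("client offers %s -> %d\n", suite_name(ok),
           select_suite(server, 1, ok, sizeof ok));
    printf("client offers %s -> %d\n", suite_name(fail),
           select_suite(server, 1, fail, sizeof fail));
    return 0;
}
```

With "x: 1" the server side has a single suite to match against, so any client whose offer does not include {0, 53} ends in -21; the fix is for both sides to have at least one suite in common.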