From: | A. Mark |
Subject: | Re: [libmicrohttpd] digest auth TLS and POST |
Date: | Fri, 3 Jan 2014 20:03:35 -0800 |
On 01/04/2014 12:48 AM, A. Mark wrote:
> Hello,
>
> I'm using digest auth and TLS currently and I run into the issue with POST
> requests. This is how my access_handler works currently:
>
> access_handler(...){
>
> check_initial_call...{
> setup POST processor
> setup other request specific structs}
>
> successive_calls{
> check digest auth and fail if necessary...
> handle requests POST,GET,DELETE etc...
> return html/xml pages}
> }
>
>
> I'm getting these:
>
> "Failed to receive data: A TLS fatal alert has been received."
>
> once in a while on GET requests.

You might want to give details on what TLS implementation you're using for
the client --- and talk to the GnuTLS developers, as MHD really just leaves
the handshake to GnuTLS.

> I'm also getting:
>
> MHD_INVALID_NONCE from MHD_digest_auth_check once in a while, not sure that
> this is normal for every other request. Seems like the client is not
> generating cnonce properly?

Maybe, I don't know anything about your client. Note that nonces also
expire (eventually).

> POSTs always fail with:
>
> "Internal application error, closing connection."
>
> due to MHD_NO returned by MHD_queue_auth_fail_response.

Well, it's a bit hard for me to analyze based on this --- you should
probably first look at MHD_queue_auth_fail_response to figure out
why/where you get the error code from...

> I'm able to run everything if I run the access handler this way:
>
> access_handler(...){
>
> check_initial_call...{
> setup POST processor
> setup other request specific structs...
> check digest auth and fail if necessary{}
> }
>
> successive_calls{
> handle requests POST,GET,DELETE etc...}
> }
>
> however obviously each request is handled by a new connection, not ideal...

I'm not sure I understand, but note that the "MHD_Connection" is actually
mostly inaptly named --- "MHD_Connection" should really be called
"MHD_Request",
as the same TCP connection may persist over multiple "MHD_Connections". As
an application, you can currently not even really always tell if a second
request is using a fresh TCP/SSL connection, or using pipelining.

> The way it should work is that each request is authenticated once on the
> same connection context. Any suggestions are appreciated.

I'm not sure I understand what you mean by "connection context".

Finally, you might want to clue us into which version of MHD you're using,
and you might want to clarify if the issue disappears if you disable the
use of TLS. Naturally, providing a test case would also help me understand
your issue better.
Happy hacking!
Christian
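
The thread distinguishes a wrong digest response from an expired or unknown nonce, and notes that every request is checked on its own. The following is an added example, not code from this thread or from libmicrohttpd: a small model of RFC 2617 qop=auth verification in which the nonce format, `SECRET`, `NONCE_TIMEOUT`, the sample user and all function names are assumptions for illustration, and MHD's own nonce handling differs.

```python
import hashlib
import hmac

SECRET = b"constructed-server-secret"  # assumption: random per-server key
NONCE_TIMEOUT = 300                    # assumption: nonce lifetime in seconds
OK, WRONG_RESPONSE, INVALID_NONCE = "ok", "wrong-response", "invalid-nonce"
_last_nc = {}                          # nonce -> highest nonce-count accepted

def _md5(text):
    return hashlib.md5(text.encode()).hexdigest()

def _tag(ts):
    return hmac.new(SECRET, ts.encode(), hashlib.sha256).hexdigest()[:32]

def make_nonce(now):
    """Self-validating nonce: hex issue time plus a keyed tag over it."""
    ts = format(int(now), "x")
    return ts + "-" + _tag(ts)

def digest_response(user, realm, password, method, uri, nonce, nc, cnonce):
    """RFC 2617 request-digest for qop=auth (the client's response= value)."""
    ha1 = _md5(f"{user}:{realm}:{password}")
    ha2 = _md5(f"{method}:{uri}")
    return _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")

def check(auth, realm, password, method, now):
    """Verify the parsed Authorization fields of one request (run per request)."""
    ts, _, tag = auth["nonce"].partition("-")
    if not hmac.compare_digest(tag.encode(), _tag(ts).encode()):
        return INVALID_NONCE                  # not issued by this server
    if now - int(ts, 16) > NONCE_TIMEOUT:
        return INVALID_NONCE                  # expired: challenge with stale=true
    want = digest_response(auth["username"], realm, password, method,
                           auth["uri"], auth["nonce"], auth["nc"], auth["cnonce"])
    if not hmac.compare_digest(want.encode(), auth["response"].encode()):
        return WRONG_RESPONSE                 # bad password, method or URI
    if int(auth["nc"], 16) <= _last_nc.get(auth["nonce"], 0):
        return INVALID_NONCE                  # nonce-count reused: replay
    _last_nc[auth["nonce"]] = int(auth["nc"], 16)
    return OK

def client_request(nonce, nc, password="secret", method="POST", uri="/upload"):
    """Constructed sample: the fields a client would send for one request."""
    auth = {"username": "alice", "uri": uri, "nonce": nonce,
            "nc": nc, "cnonce": "0a4f113b"}
    auth["response"] = digest_response("alice", "example", password, method,
                                       uri, nonce, nc, auth["cnonce"])
    return auth
```

For the nonce case the 401 challenge carries stale=true (the signal_stale argument of MHD_queue_auth_fail_response), so a client holding correct credentials retries with the new nonce instead of prompting the user again.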