libmicrohttpd
Re: [libmicrohttpd] Problems with SSL/TLS


From: Jesse Anderton
Subject: Re: [libmicrohttpd] Problems with SSL/TLS
Date: Mon, 4 Jan 2010 11:27:10 -0500

I'm still struggling with this.  I can't get the code example from http://www.gnu.org/software/libmicrohttpd/tutorial.html#tlsauthentication_002ec working with either MHD_USE_SELECT_INTERNALLY or MHD_USE_THREAD_PER_CONNECTION: the program compiles and launches, but any browser I try to connect with waits indefinitely.  If I kill the server the browsers immediately give up, so I know they have an open socket to the server.

Does anybody have a working TLS example I could start from?  I'm almost out of time to add TLS to my web server, but I'd strongly prefer to use libmicrohttpd's built-in support instead of re-implementing the feature in my own custom select handler.

Thanks for your time,

Jesse

On Thu, Dec 24, 2009 at 12:16 PM, Jesse Anderton <address@hidden> wrote:
Christian,

I decided to start with the example in the tutorial at http://www.gnu.org/software/libmicrohttpd/tutorial.html#tlsauthentication_002ec and incrementally change it until the code is set up the way I need it for my program.  To my surprise, the tutorial itself didn't work - Chrome reports:

Error 107 (net::ERR_SSL_PROTOCOL_ERROR): Unknown error

IE simply says it couldn't load the page.

This makes me think that my problem is more likely caused by, say, the version of libgcrypt I'm using.  I get the same error in both Linux and Solaris, so it seems unlikely to be one of the other system libraries I'm linking to.

Any idea which version of libgcrypt the code was tested with?

Thanks,

Jesse Anderton

On Wed, Dec 23, 2009 at 1:42 PM, Christian Grothoff <address@hidden> wrote:
Dear Jesse,

poll support was added after 0.4.4 (see ChangeLog).  The version constant in
SVN HEAD will be updated once we make the next release to allow for an easy
test for this feature.

And no, you do not need MHD_USE_POLL for MHD_USE_SELECT_INTERNALLY.

Best,

Christian

On Wednesday 23 December 2009 15:27:01 Jesse Anderton wrote:
> Christian,
>
> Thanks for your advice!  I tried replacing MHD_USE_SELECT_INTERNALLY
> with MHD_USE_THREAD_PER_CONNECTION and it failed with a different error.
> Do I need to use this in conjunction with MHD_USE_POLL?  If so, do you
> know whether this option is only available in the development version of
> libmicrohttpd, or whether it's an option for configure to find?  It isn't
> defined in my copy of microhttpd.h, but my copy has the same value for
> MHD_VERSION as the version in the documentation at
> http://www.gnu.org/software/libmicrohttpd/doxygen/dc/d0c/microhttpd_8h_source.html
> (which does include MHD_USE_POLL).  That is, both contain the line:
>
> #define MHD_VERSION 0x00040400
>
>
> Thanks again,
>
> Jesse Anderton
>
> On Tue, Dec 22, 2009 at 9:56 AM, Christian Grothoff <address@hidden> wrote:
> > SSL support is known to be not playing nicely with select -- this is
> > largely an issue with gnuTLS and its API.  Until this is fixed, try
> > using the thread-per-connection mode and most likely it'll work.
> >
> > Best,
> >
> > Christian
> >
> > On Monday 21 December 2009 19:34:21 Jesse Anderton wrote:
> > > I have just started using libmicrohttpd, and can't seem to get the SSL
> > > support working.  It may contribute to the problem that the library is
> > > not retrying gnutls_handshake() when it returns GNUTLS_E_AGAIN, as
> > > suggested in the documentation at
> > > http://www.gnu.org/software/gnutls/manual/html_node/Core-functions.html#gnutls_005fhandshake,
> > > but it seems likely that I'm making a mistake somewhere.
> >
> > > I am using the following library versions:
> > > * libmicrohttpd - 0.4.4
> > > * libgcrypt - 1.4.4
> > > * libgpg-error - 1.7
> > >
> > > I am using a wrapper class in C++ to invoke libmicrohttpd.  My code to
> > > start up the daemon is:
> > >
> > >         // std::string _httpsKey = contents of a RSA private key
> > >         // std::string _httpsCertificate = contents of a certificate for _httpsKey
> > >         _daemon = MHD_start_daemon( MHD_USE_SELECT_INTERNALLY  // We don't need to implement our own select
> > >                                   | MHD_USE_DEBUG              // Output messages to the errorCallback
> > >                                   | ( _httpsKey.empty() ? 0 : MHD_USE_SSL )  // Enable SSL/TLS if so requested
> > >                                   , port
> > >                                   , &webClientAuthCallback, this
> > >                                   , &webCallback, this
> > >                                   , MHD_OPTION_THREAD_POOL_SIZE, _options[ THREAD_POOL_SIZE ]
> > >                                   , MHD_OPTION_CONNECTION_LIMIT, _options[ CONNECTION_LIMIT ]
> > >                                   , MHD_OPTION_PER_IP_CONNECTION_LIMIT, _options[ PER_IP_CONNECTION_LIMIT ]
> > >                                   , MHD_OPTION_CONNECTION_TIMEOUT, _options[ CONNECTION_TIMEOUT ]
> > >                                   , MHD_OPTION_URI_LOG_CALLBACK, uriLogCallback, this
> > >                                   , MHD_OPTION_EXTERNAL_LOGGER, webErrorCallback, this
> > >                                   , MHD_OPTION_HTTPS_MEM_KEY, _httpsKey.c_str()
> > >                                   , MHD_OPTION_HTTPS_MEM_CERT, _httpsCertificate.c_str()
> > >                                   , MHD_OPTION_END );
> > >
> > > I am also using HTTP basic auth in webCallback(), using code very
> > > similar to that in the tutorial which has been proven to work without
> > > using TLS.
> > >
> > > The private key and certificate were both generated by the commands
> > > listed in the libmicrohttpd tutorial:
> > > openssl genrsa -out server.key 1024
> > > openssl req -days 365 -out server.pem -new -x509 -key server.key
> > >
> > > If I fetch a page with a URL like https://host:port/some/file.html I
> > > get the following messages in webErrorCallback():
> > >
> > > Google Chrome 4.0.249.30:
> > > Error: Handshake has failed (-28)
> > > Error: Handshake has failed (-28)
> > > Error: unrecognized TLS message type: 0, connection state: secure connection init. l: 254, f: MHD_tls_connection_handle_read
> > >
> > > Mozilla Firefox 3.5.5:
> > > Error: unrecognized TLS message type: 128, connection state: secure connection init. l: 254, f: MHD_tls_connection_handle_read
> > >
> > > Microsoft Internet Explorer 6.0:
> > > Error: unrecognized TLS message type: 128, connection state: secure connection init. l: 254, f: MHD_tls_connection_handle_read
> > >
> > > Note that -28 is the value of GNUTLS_E_AGAIN.
> > >
> > > Can anyone offer a hand?
> > >
> > > Thanks for your time,
> > >
> > > Jesse Anderton
> >
> > --
> > http://grothoff.org/christian/
>

--
http://grothoff.org/christian/
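
Added example, not part of the original thread and not libmicrohttpd or GnuTLS code: a small C classifier for the first bytes a client sends on a TLS port, useful when reading the "unrecognized TLS message type" values (0 and 128) in the log output quoted above. It assumes that the logged "message type" is the first byte of what the server took to be a record header; the enum and function names are hypothetical and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Result of inspecting the bytes found at a presumed record boundary. */
enum first_record {
    REC_TOO_SHORT,      /* fewer bytes than the header needs */
    REC_TLS_HANDSHAKE,  /* content type 22: what a ClientHello arrives in */
    REC_TLS_OTHER,      /* content type 20, 21 or 23 */
    REC_SSLV2_STYLE,    /* high bit set: 2-byte SSLv2 record header */
    REC_UNKNOWN         /* e.g. 0: neither header format */
};

/* Classify buf[0..n) and store the record length announced by the header
 * in *len (0 when no length could be read). */
enum first_record classify_record(const uint8_t *buf, size_t n, size_t *len)
{
    *len = 0;
    if (n < 1)
        return REC_TOO_SHORT;
    if (buf[0] >= 20 && buf[0] <= 23) {
        /* TLS header: type(1) version(2) length(2), big-endian. */
        if (n < 5)
            return REC_TOO_SHORT;
        *len = ((size_t)buf[3] << 8) | buf[4];
        return buf[0] == 22 ? REC_TLS_HANDSHAKE : REC_TLS_OTHER;
    }
    if (buf[0] & 0x80) {
        /* SSLv2 header: 15-bit length spread over the first two bytes. */
        if (n < 2)
            return REC_TOO_SHORT;
        *len = ((size_t)(buf[0] & 0x7f) << 8) | buf[1];
        return REC_SSLV2_STYLE;
    }
    return REC_UNKNOWN;
}

int main(void)
{
    /* Constructed sample headers, not captured traffic. */
    const uint8_t tls[]  = { 22, 3, 1, 0x00, 0x2f };
    const uint8_t v2[]   = { 0x80, 0x2e, 1 };
    const uint8_t zero[] = { 0, 0, 0, 0, 0 };
    size_t len;

    printf("tls=%d ", classify_record(tls, sizeof tls, &len));
    printf("v2=%d ", classify_record(v2, sizeof v2, &len));
    printf("zero=%d\n", classify_record(zero, sizeof zero, &len));
    return 0;
}
```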


