libmicrohttpd

[libmicrohttpd] Problems with SSL/TLS


From: Jesse Anderton
Subject: [libmicrohttpd] Problems with SSL/TLS
Date: Mon, 21 Dec 2009 13:34:21 -0500

I have just started using libmicrohttpd, and can't seem to get the SSL
support working.  It may contribute to the problem that the library is
not retrying gnutls_handshake() when it returns GNUTLS_E_AGAIN, as
suggested in the documentation at
http://www.gnu.org/software/gnutls/manual/html_node/Core-functions.html#gnutls_005fhandshake,
but it seems likely that I'm making a mistake somewhere.

I am using the following library versions:
* libmicrohttpd - 0.4.4
* libgcrypt - 1.4.4
* libgpg-error - 1.7

I am using a wrapper class in C++ to invoke libmicrohttpd.  My code to
start up the daemon is:

        // std::string _httpsKey = contents of a RSA private key
        // std::string _httpsCertificate = contents of a certificate for _httpsKey
        _daemon = MHD_start_daemon( MHD_USE_SELECT_INTERNALLY                // We don't need to implement our own select
                                  | MHD_USE_DEBUG                            // Output messages to the errorCallback
                                  | ( _httpsKey.empty() ? 0 : MHD_USE_SSL )  // Enable SSL/TLS if so requested
                                  , port
                                  , &webClientAuthCallback, this
                                  , &webCallback, this
                                  , MHD_OPTION_THREAD_POOL_SIZE, _options[ THREAD_POOL_SIZE ]
                                  , MHD_OPTION_CONNECTION_LIMIT, _options[ CONNECTION_LIMIT ]
                                  , MHD_OPTION_PER_IP_CONNECTION_LIMIT, _options[ PER_IP_CONNECTION_LIMIT ]
                                  , MHD_OPTION_CONNECTION_TIMEOUT, _options[ CONNECTION_TIMEOUT ]
                                  , MHD_OPTION_URI_LOG_CALLBACK, uriLogCallback, this
                                  , MHD_OPTION_EXTERNAL_LOGGER, webErrorCallback, this
                                  , MHD_OPTION_HTTPS_MEM_KEY, _httpsKey.c_str()
                                  , MHD_OPTION_HTTPS_MEM_CERT, _httpsCertificate.c_str()
                                  , MHD_OPTION_END );

I am also using HTTP basic auth in webCallback(), using code very
similar to that in the tutorial which has been proven to work without
using TLS.

The private key and certificate were both generated by the commands
listed in the libmicrohttpd tutorial:
openssl genrsa -out server.key 1024
openssl req -days 365 -out server.pem -new -x509 -key server.key

If I fetch a page with a URL like https://host:port/some/file.html I
get the following messages in webErrorCallback():

Google Chrome 4.0.249.30:
Error: Handshake has failed (-28)
Error: Handshake has failed (-28)
Error: unrecognized TLS message type: 0, connection state: secure connection init. l: 254, f: MHD_tls_connection_handle_read

Mozilla Firefox 3.5.5:
Error: unrecognized TLS message type: 128, connection state: secure connection init. l: 254, f: MHD_tls_connection_handle_read

Microsoft Internet Explorer 6.0:
Error: unrecognized TLS message type: 128, connection state: secure connection init. l: 254, f: MHD_tls_connection_handle_read

Note that -28 is the value of GNUTLS_E_AGAIN.

Can anyone offer a hand?

Thanks for your time,

Jesse Anderton
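
The retry behaviour the post refers to, as an added example that is not part of the original message or of libmicrohttpd's code: a per-connection handshake step that keeps the session when the handshake call returns GNUTLS_E_AGAIN or GNUTLS_E_INTERRUPTED, next to the variant that treats every negative code as fatal. The names `on_socket_ready`, `drive` and `scripted_step` are hypothetical, and the scripted return codes are constructed sample input standing in for `gnutls_handshake()`.

```c
#include <stddef.h>

/* Same values as GnuTLS: GNUTLS_E_AGAIN is -28 (see the post), GNUTLS_E_INTERRUPTED is -52. */
enum { HS_OK = 0, HS_E_AGAIN = -28, HS_E_INTERRUPTED = -52 };
enum conn_state { CONN_HANDSHAKING, CONN_SECURE, CONN_CLOSED };

/* Hypothetical stand-in for gnutls_handshake(session) on a non-blocking socket. */
typedef int (*handshake_fn)(void *session);

struct tls_conn {
    enum conn_state state;
    handshake_fn step;
    void *session;
    int retry_nonfatal;   /* 0 = treat every negative code as fatal */
    int last_error;
};

/* Run once per readiness event (e.g. each time select() marks the socket). */
enum conn_state on_socket_ready(struct tls_conn *c)
{
    if (c->state != CONN_HANDSHAKING)
        return c->state;
    int rc = c->step(c->session);
    if (rc == HS_OK) {
        c->state = CONN_SECURE;
    } else if (c->retry_nonfatal && (rc == HS_E_AGAIN || rc == HS_E_INTERRUPTED)) {
        /* Handshake is only paused: keep the session and call again later. */
    } else {
        c->last_error = rc;
        c->state = CONN_CLOSED;
    }
    return c->state;
}

/* Constructed sample input: a scripted sequence of handshake return codes. */
struct script { const int *codes; size_t len, pos; };

static int scripted_step(void *p)
{
    struct script *s = p;
    return s->pos < s->len ? s->codes[s->pos++] : HS_OK;
}

/* Feed readiness events until the connection leaves the handshake state. */
enum conn_state drive(const int *codes, size_t len, int retry_nonfatal, int *calls)
{
    struct script s = { codes, len, 0 };
    struct tls_conn c = { CONN_HANDSHAKING, scripted_step, &s, retry_nonfatal, 0 };
    while (on_socket_ready(&c) == CONN_HANDSHAKING)
        ;
    *calls = (int)s.pos;
    return c.state;
}
```

With the constructed sequence -28, -28, 0 the retrying variant reaches the secure state on the third call, while the non-retrying variant closes the connection on the first -28.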



