libmicrohttpd
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [libmicrohttpd] Problems with libmicrohttpd and IE7/IE8 on WinXP

From: Christian Grothoff
Subject: Re: [libmicrohttpd] Problems with libmicrohttpd and IE7/IE8 on WinXP
Date: Fri, 9 Jul 2010 12:28:20 +0200
User-agent: KMail/1.9.9 
Hi Gerrit,

The workaround with stunnel is known, but obviously not nice.  I'm thinking of 
adding support for passing the listen socket as an argument to MHD, that way 
one could at least use a UNIX domain socket for forwarding 443 to MHD (and 
also support systemd easily).  

Now, as for using GNUtls directly making things worse -- would you mind 
sharing the changes you made to MHD to use it with the newest GNUtls?  I 
might have a chance to sit down with some GNUtls hackers at GHM and use the 
opportunity to see where the problem is (and having that code at hand might 
be useful...).

Thanks!

Christian

Am Thursday 08 July 2010 18:22:58 schrieb Gerrit Telkamp:
> Hi Christian,
>
> we have tried now to update the libmicrohttpd with the newest GnuTLS
> version, but the SSL feature did not worked anymore - even for Firefox
> browser.
> Maybe we did something wrong, because the interface between
> libmicrohttpd and GnuTLS is not really clear defined. So we had to
> "hack" some method calls in libmicrohttpd, using the (new?) method named
> of GnuTLS. It might be a good thing to have a single file as interface
> between libmicrohttp and an external TLS implementation...
>
> But we found now a much simpler solution, that works well - we simply
> start a "stunnel", what is a deamon establishing a SSL connection
> between ports 443 and port 80. Our application using libmicrohttpd still
> runs on port 80 and does not provide the SSL feature anymore.
>
> Thank you again for your help!
>
> Gerrit.
>
> Am 23.06.2010 10:53, schrieb Christian Grothoff:
> > Hi Gerrit,
> >
> > But MHD includes its own (older?) version of GNUtls which may be
> > different.  It would be interesting to see if chaning MHD to link against
> > a current gnutls instead of using the version we included (which fixed
> > some issues at the time) fixes the problem.
> >
> > Best,
> >
> > Christian
> >
> > On Wednesday 23 June 2010 10:21:39 you wrote:
> >> Dear Christian,
> >>
> >> thank you very much for your statement - it is very helpful.
> >>
> >> I hope to not repeat previous discussions again, but I have found out
> >> that: - IE7 works with the GNUtls test site:
> >> http://www.gnu.org/software/gnutls/server.html
> >> - using the newest libgcrypt (ibgcrypt-1.4.5.zip, downloaded from
> >> http://josefsson.org/gnutls4win/, date 17/06/10) does NOT help to get
> >> the MHD application working.
> >> ->  it seems that the bug is not in GNUtls
> >>
> >> Thank you again,
> >>
> >> Gerrit.
> >>
> >> Am 23.06.2010 10:00, schrieb Christian Grothoff:
> >>> Dear Gerrit,
> >>>
> >>> As it has been mentioned on the mailinglist in the recent past, there
> >>> are known issues with SSL (and in particular with IE).  At this point,
> >>> I am not aware of a solution (other than starting a longer hacking
> >>> session on the MHD/GNUtls code).
> >>>
> >>> Best,
> >>>
> >>> Christian
> >>>
> >>> On Sunday 20 June 2010 16:40:20 Gerrit Telkamp wrote:
> >>>> Hi,
> >>>>
> >>>> I have a problem using a libmicrohttpd application with HTTPS: I'm not
> >>>> able to open the page with the Internet Explorer (IE7, IE8) on Windows
> >>>> XP. Other browsers (Firefox, Opera, Safari) are working well with the
> >>>> same application.
> >>>>
> >>>> MHD always gives the following message
> >>>> "Error: unrecognized TLS message type: 128, connection state: secure
> >>>> connection init. l: 254, f: MHD_tls_connection_handle_read "
> >>>>
> >>>> I've found out that the IEs on WinXP are not supporting AES-256, but
> >>>> they support AES-128.
> >>>> The option MHD_GNUTLS_CIPHER_ARCFOUR_128 (instad of
> >>>> MHD_OPTION_CIPHER_ALGORITHM) does not help.
> >>>> The same certificate and key files works on ther servers with IE, so
> >>>> it seems to me that it is a problem with libmicrohttpd.
> >>>>
> >>>> Is there someone who got libmicrohttps successfully working with SSL
> >>>> on IE browsers?
> >>>> Are there any other options to be set?
> >>>>
> >>>> Thank you for your help,
> >>>>
> >>>> Gerrit.
> >>>>
> >>>> Versions:
> >>>> - libmicrohttpd: version 0.4.5
> >>>> - gcc version: 4.4.3, target: arm-none-linux-gnueabi
> >>>>
> >>>> Compiling options:
> >>>> ./configure --prefix=/arm --host=arm-none-linux-gnueabi
> >>>>
> >>>> ./configure --prefix=/arm --host=arm-none-linux-gnueabi
> >>>>
> >>>>                --disable-dev-random --with-gpg-error-prefix=/arm
> >>>>
> >>>> ./configure --prefix=/arm --host=arm-none-linux-gnueabi
> >>>>
> >>>>                --enable-largefile --enable-messages --enable-https
> >>>>                --enable-client-side --disable-coverage
> >>>>                --with-libgcrypt-prefix=/arm
reply via email to
[Prev in Thread] Current Thread [Next in Thread]