|
From: | Gerrit Telkamp |
Subject: | Re: [libmicrohttpd] Problems with libmicrohttpd and IE7/IE8 on WinXP |
Date: | Wed, 14 Jul 2010 14:49:16 +0200 |
User-agent: | Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.1.10) Gecko/20100512 Lightning/1.0b1 Thunderbird/3.0.5 |
Hi Christian, thank you for your feedback!Yes, I will make our changes available. But in order to flood the mailbox of everyone, I will send the files directly to you.
We would be very glad if our work helps others to find the bug. Best regards Gerrit. Am 09.07.2010 12:28, schrieb Christian Grothoff:
Hi Gerrit, The workaround with stunnel is known, but obviously not nice. I'm thinking of adding support for passing the listen socket as an argument to MHD, that way one could at least use a UNIX domain socket for forwarding 443 to MHD (and also support systemd easily). Now, as for using GNUtls directly making things worse -- would you mind sharing the changes you made to MHD to use it with the newest GNUtls? I might have a chance to sit down with some GNUtls hackers at GHM and use the opportunity to see where the problem is (and having that code at hand might be useful...). Thanks! Christian Am Thursday 08 July 2010 18:22:58 schrieb Gerrit Telkamp:Hi Christian, we have tried now to update the libmicrohttpd with the newest GnuTLS version, but the SSL feature did not worked anymore - even for Firefox browser. Maybe we did something wrong, because the interface between libmicrohttpd and GnuTLS is not really clear defined. So we had to "hack" some method calls in libmicrohttpd, using the (new?) method named of GnuTLS. It might be a good thing to have a single file as interface between libmicrohttp and an external TLS implementation... But we found now a much simpler solution, that works well - we simply start a "stunnel", what is a deamon establishing a SSL connection between ports 443 and port 80. Our application using libmicrohttpd still runs on port 80 and does not provide the SSL feature anymore. Thank you again for your help! Gerrit. Am 23.06.2010 10:53, schrieb Christian Grothoff:Hi Gerrit, But MHD includes its own (older?) version of GNUtls which may be different. It would be interesting to see if chaning MHD to link against a current gnutls instead of using the version we included (which fixed some issues at the time) fixes the problem. Best, Christian On Wednesday 23 June 2010 10:21:39 you wrote:Dear Christian, thank you very much for your statement - it is very helpful. I hope to not repeat previous discussions again, but I have found out that: - IE7 works with the GNUtls test site: http://www.gnu.org/software/gnutls/server.html - using the newest libgcrypt (ibgcrypt-1.4.5.zip, downloaded from http://josefsson.org/gnutls4win/, date 17/06/10) does NOT help to get the MHD application working. -> it seems that the bug is not in GNUtls Thank you again, Gerrit. Am 23.06.2010 10:00, schrieb Christian Grothoff:Dear Gerrit, As it has been mentioned on the mailinglist in the recent past, there are known issues with SSL (and in particular with IE). At this point, I am not aware of a solution (other than starting a longer hacking session on the MHD/GNUtls code). Best, Christian On Sunday 20 June 2010 16:40:20 Gerrit Telkamp wrote:Hi, I have a problem using a libmicrohttpd application with HTTPS: I'm not able to open the page with the Internet Explorer (IE7, IE8) on Windows XP. Other browsers (Firefox, Opera, Safari) are working well with the same application. MHD always gives the following message "Error: unrecognized TLS message type: 128, connection state: secure connection init. l: 254, f: MHD_tls_connection_handle_read " I've found out that the IEs on WinXP are not supporting AES-256, but they support AES-128. The option MHD_GNUTLS_CIPHER_ARCFOUR_128 (instad of MHD_OPTION_CIPHER_ALGORITHM) does not help. The same certificate and key files works on ther servers with IE, so it seems to me that it is a problem with libmicrohttpd. Is there someone who got libmicrohttps successfully working with SSL on IE browsers? Are there any other options to be set? Thank you for your help, Gerrit. Versions: - libmicrohttpd: version 0.4.5 - gcc version: 4.4.3, target: arm-none-linux-gnueabi Compiling options: ./configure --prefix=/arm --host=arm-none-linux-gnueabi ./configure --prefix=/arm --host=arm-none-linux-gnueabi --disable-dev-random --with-gpg-error-prefix=/arm ./configure --prefix=/arm --host=arm-none-linux-gnueabi --enable-largefile --enable-messages --enable-https --enable-client-side --disable-coverage --with-libgcrypt-prefix=/arm
[Prev in Thread] | Current Thread | [Next in Thread] |