Re: [libmicrohttpd] Problems with libmicrohttpd and IE7/IE8 on WinXP

[Gerrit Telkamp]

Hi Christian,

thank you for your feedback!
Yes, I will make our changes available. But in order to flood the 
mailbox of everyone, I will send the files directly to you.
We would be very glad if our work helps others to find the bug.

Best regards

Gerrit.

Am 09.07.2010 12:28, schrieb Christian Grothoff:
> Hi Gerrit,
>
> The workaround with stunnel is known, but obviously not nice.  I'm thinking of
> adding support for passing the listen socket as an argument to MHD, that way
> one could at least use a UNIX domain socket for forwarding 443 to MHD (and
> also support systemd easily).
>
> Now, as for using GNUtls directly making things worse -- would you mind
> sharing the changes you made to MHD to use it with the newest GNUtls?  I
> might have a chance to sit down with some GNUtls hackers at GHM and use the
> opportunity to see where the problem is (and having that code at hand might
> be useful...).
>
> Thanks!
>
> Christian
>
> Am Thursday 08 July 2010 18:22:58 schrieb Gerrit Telkamp:
>    
> > Hi Christian,
> >
> > we have tried now to update the libmicrohttpd with the newest GnuTLS
> > version, but the SSL feature did not worked anymore - even for Firefox
> > browser.
> > Maybe we did something wrong, because the interface between
> > libmicrohttpd and GnuTLS is not really clear defined. So we had to
> > "hack" some method calls in libmicrohttpd, using the (new?) method named
> > of GnuTLS. It might be a good thing to have a single file as interface
> > between libmicrohttp and an external TLS implementation...
> >
> > But we found now a much simpler solution, that works well - we simply
> > start a "stunnel", what is a deamon establishing a SSL connection
> > between ports 443 and port 80. Our application using libmicrohttpd still
> > runs on port 80 and does not provide the SSL feature anymore.
> >
> > Thank you again for your help!
> >
> > Gerrit.
> >
> > Am 23.06.2010 10:53, schrieb Christian Grothoff:
> >      
> > > Hi Gerrit,
> > >
> > > But MHD includes its own (older?) version of GNUtls which may be
> > > different.  It would be interesting to see if chaning MHD to link against
> > > a current gnutls instead of using the version we included (which fixed
> > > some issues at the time) fixes the problem.
> > >
> > > Best,
> > >
> > > Christian
> > >
> > > On Wednesday 23 June 2010 10:21:39 you wrote:
> > >        
> > > > Dear Christian,
> > > >
> > > > thank you very much for your statement - it is very helpful.
> > > >
> > > > I hope to not repeat previous discussions again, but I have found out
> > > > that: - IE7 works with the GNUtls test site:
> > > > http://www.gnu.org/software/gnutls/server.html
> > > > - using the newest libgcrypt (ibgcrypt-1.4.5.zip, downloaded from
> > > > http://josefsson.org/gnutls4win/, date 17/06/10) does NOT help to get
> > > > the MHD application working.
> > > > ->   it seems that the bug is not in GNUtls
> > > >
> > > > Thank you again,
> > > >
> > > > Gerrit.
> > > >
> > > > Am 23.06.2010 10:00, schrieb Christian Grothoff:
> > > >          
> > > > > Dear Gerrit,
> > > > >
> > > > > As it has been mentioned on the mailinglist in the recent past, there
> > > > > are known issues with SSL (and in particular with IE).  At this point,
> > > > > I am not aware of a solution (other than starting a longer hacking
> > > > > session on the MHD/GNUtls code).
> > > > >
> > > > > Best,
> > > > >
> > > > > Christian
> > > > >
> > > > > On Sunday 20 June 2010 16:40:20 Gerrit Telkamp wrote:
> > > > >            
> > > > > > Hi,
> > > > > >
> > > > > > I have a problem using a libmicrohttpd application with HTTPS: I'm not
> > > > > > able to open the page with the Internet Explorer (IE7, IE8) on Windows
> > > > > > XP. Other browsers (Firefox, Opera, Safari) are working well with the
> > > > > > same application.
> > > > > >
> > > > > > MHD always gives the following message
> > > > > > "Error: unrecognized TLS message type: 128, connection state: secure
> > > > > > connection init. l: 254, f: MHD_tls_connection_handle_read "
> > > > > >
> > > > > > I've found out that the IEs on WinXP are not supporting AES-256, but
> > > > > > they support AES-128.
> > > > > > The option MHD_GNUTLS_CIPHER_ARCFOUR_128 (instad of
> > > > > > MHD_OPTION_CIPHER_ALGORITHM) does not help.
> > > > > > The same certificate and key files works on ther servers with IE, so
> > > > > > it seems to me that it is a problem with libmicrohttpd.
> > > > > >
> > > > > > Is there someone who got libmicrohttps successfully working with SSL
> > > > > > on IE browsers?
> > > > > > Are there any other options to be set?
> > > > > >
> > > > > > Thank you for your help,
> > > > > >
> > > > > > Gerrit.
> > > > > >
> > > > > > Versions:
> > > > > > - libmicrohttpd: version 0.4.5
> > > > > > - gcc version: 4.4.3, target: arm-none-linux-gnueabi
> > > > > >
> > > > > > Compiling options:
> > > > > > ./configure --prefix=/arm --host=arm-none-linux-gnueabi
> > > > > >
> > > > > > ./configure --prefix=/arm --host=arm-none-linux-gnueabi
> > > > > >
> > > > > >                 --disable-dev-random --with-gpg-error-prefix=/arm
> > > > > >
> > > > > > ./configure --prefix=/arm --host=arm-none-linux-gnueabi
> > > > > >
> > > > > >                 --enable-largefile --enable-messages --enable-https
> > > > > >                 --enable-client-side --disable-coverage
> > > > > >                 --with-libgcrypt-prefix=/arm
> > > > > >              
>
>
>