libmicrohttpd
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [libmicrohttpd] Problems with SSL/TLS

From: Jesse Anderton
Subject: Re: [libmicrohttpd] Problems with SSL/TLS
Date: Tue, 5 Jan 2010 14:46:14 -0500
Christian,

Thanks a lot for checking this out for me!  I'm not sure what I'm doing differently, but now I know that the code should work.  I was a little concerned since the documentation for MHD_USE_SSL at http://www.gnu.org/software/libmicrohttpd/microhttpd.html#SEC2 indicates that SSL is not yet supported.  Most likely that comment just needs to be updated.

Here's what happens when I attempt to duplicate your test:

1. I copied the server.* files you sent along with the latest tlsauthentication.c from svn HEAD into a folder.  I added MHD_USE_DEBUG in order to get the output below (it fails either way).

2. I compiled the program like so (using g++ 3.3.3):

gcc -o fs tlsauthentication.c -Iinclude -lmicrohttpd -lgcrypt -lgpg-error -lsocket -lpthread -L~/dev/ext/lib/solaris_gcc3/static

Note that I am linking statically, so I had to add a couple more libraries.  I am also not using make install (because of company policies) so I have to provide an explicit path to these libraries.

3. I start the program and browse to https://testhost:8888/something.html.  The browser appears to wait indefinitely to complete the SSL handshake.

4. I press Enter on the terminal running fs to stop it.  The browser immediately gives up.  fs outputs the following:

Error: Handshake has failed (-28)

I tried this with MHD_USE_THREAD_PER_CONNECTION and with MHD_USE_SELECT_INTERNALLY and got the same results in both modes.

Perhaps I'm missing a library?  I ran ldd on fs so you could compare it to yours and got:

$ldd fs
        libsocket.so.1 =>        /usr/lib/libsocket.so.1
        libpthread.so.1 =>       /usr/lib/libpthread.so.1
        libc.so.1 =>     /usr/lib/libc.so.1
        libnsl.so.1 =>   /usr/lib/libnsl.so.1
        libdl.so.1 =>    /usr/lib/libdl.so.1
        libmp.so.2 =>    /usr/lib/libmp.so.2
        libthread.so.1 =>        /usr/lib/libthread.so.1
        /usr/platform/SUNW,Sun-Fire-V210/lib/libc_psr.so.1

In case it's relevant, I'm compiling with g++ 3.3.3.

Kind regards,

Jesse

On Tue, Jan 5, 2010 at 10:37 AM, Christian Grothoff <address@hidden> wrote:
Dear Jesse,

I've just tried this myself, and it worked as expected.  I first used openssl
to generate the KEY, PEM and CERT files:

$ cd svn/libmicrohttpd/doc/examples/
$ openssl genrsa 1024 > server.key
$ openssl req -new -x509 -nodes -sha1 -days 365 -key server.key > server.cert
$ cat server.cert server.key > server.pem

Then I compiled the example

$ gcc -o fs tlsauthentication.c -I ~/include/ -I ../../src/include/ -I ../.. -
I ../daemon/https/ -lmicrohttpd

Started fs

$ ./fs

and then accessed https://localhost:8888/ using firefox (3.5.6).  It "warned"
me about the self-signed cert (also attached for your reference), I confirmed
that I knew what I was doing, then was prompted for username & password
(entered those from the source code) and then got the "secret" page.

So I cannot confirm your problem.  This was on Ubuntu GNU/linux (karmic) using
the example as given in SVN HEAD.

I hope this helps...

Best,

Christian
reply via email to
[Prev in Thread] Current Thread [Next in Thread]