libmicrohttpd
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [libmicrohttpd] Problems with SSL/TLS


From: Jesse Anderton
Subject: Re: [libmicrohttpd] Problems with SSL/TLS
Date: Fri, 19 Feb 2010 12:41:11 -0500

I have traced this to a problem selecting an appropriate cipher suite.  Perhaps I didn't build libgcrypt with the correct suites enabled?  I ran its configure script with just the --prefix and --with-gpg-error-prefix options.  Should I configure it with support for any particular suites?  Alternatively, am I supposed to be telling MHD which cipher suites to use?

Here's the function call stack I'm observing:

MHD__gnutls_handshake()
MHD_gtls_handshake_server()
MHD_gtls_recv_handshake()
MHD_gtls_recv_hello()
MHD__gnutls_read_client_hello()
MHD_gtls_server_select_suite()

The latter function returns -21 (which is GNUTLS_E_UNKNOWN_CIPHER_SUITE), and all the others pass that error up the stack.  In case it's helpful, the rest of this message contains some debug output I generated by adding a bunch of printfs to gnutls_handshake.c and running tls_extension_test.  The "*** cipher test" lines were inserted into MHD_gtls_server_select_suite() just before the memcmp() call which compares available ciphers.  It appears that some of these comparisons succeed, so I think I probably just need to configure MHD correctly in my program.

Thanks for your time,

Jesse

*** cipher lookup: datalen: 2; x: 1
*** cipher test j=0 i=0 ciphers[i].suite[0]=0 ciphers[i].suite[1]=53 data[j][0]=0 data[j][1]=53
HSK[889f400]: MHD__gnutls_read_client_hello() returning (0)
MHD_gtls_recv_handshake() returning with 0
HSK[889ea88]: MHD__gnutls_read_client_hello() returning (0)
MHD_gtls_recv_handshake() returning with 0
HSK[889ea88]: length32 (772)
MHD_gtls_recv_handshake() returning with 772
HSK[889ea88]: MHD__gnutls_recv_handshake_header() failed (-19)
MHD_gtls_recv_handshake() returning with 0
HSK[889f400]: length32 (258)
MHD_gtls_recv_handshake() returning with 258
HSK[889f400]: length32 (12)
MHD_gtls_recv_handshake() returning with 12
HSK[889ea88]: length32 (12)
MHD_gtls_recv_handshake() returning with 12
*** cipher lookup: datalen: 2; x: 1
*** cipher test j=0 i=0 ciphers[i].suite[0]=0 ciphers[i].suite[1]=53 data[j][0]=0 data[j][1]=47
HSK[88acfd8]: retval == GNUTLS_E_UNKNOWN_CIPHER_SUITE (-21)
HSK[88acfd8]: MHD_gtls_server_select_suite failed (-21)
HSK[88acfd8]: MHD__gnutls_read_client_hello() failed (-21)
HSK[88acfd8]: MHD_gtls_recv_hello() failed (-21)
MHD_gtls_recv_handshake() returning with -21
HSK[88acfd8]: recv hello (-21)
Error: Handshake has failed (-21)
curl_easy_perform failed: `SSL connect error'
*** cipher lookup: datalen: 2; x: 1
*** cipher test j=0 i=0 ciphers[i].suite[0]=0 ciphers[i].suite[1]=53 data[j][0]=0 data[j][1]=53
HSK[889e6d0]: MHD__gnutls_read_client_hello() returning (0)
MHD_gtls_recv_handshake() returning with 0
HSK[b7e5d6e8]: MHD__gnutls_read_client_hello() returning (0)
MHD_gtls_recv_handshake() returning with 0
HSK[b7e5d6e8]: length32 (772)
MHD_gtls_recv_handshake() returning with 772
HSK[b7e5d6e8]: MHD__gnutls_recv_handshake_header() failed (-19)
MHD_gtls_recv_handshake() returning with 0
HSK[889e6d0]: length32 (258)
MHD_gtls_recv_handshake() returning with 258
HSK[889e6d0]: length32 (12)
MHD_gtls_recv_handshake() returning with 12
HSK[b7e5d6e8]: length32 (12)
MHD_gtls_recv_handshake() returning with 12
*** cipher lookup: datalen: 2; x: 1
*** cipher test j=0 i=0 ciphers[i].suite[0]=0 ciphers[i].suite[1]=53 data[j][0]=0 data[j][1]=47
HSK[889f048]: retval == GNUTLS_E_UNKNOWN_CIPHER_SUITE (-21)
HSK[889f048]: MHD_gtls_server_select_suite failed (-21)
HSK[889f048]: MHD__gnutls_read_client_hello() failed (-21)
HSK[889f048]: MHD_gtls_recv_hello() failed (-21)
MHD_gtls_recv_handshake() returning with -21
HSK[889f048]: recv hello (-21)
Error: Handshake has failed (-21)
curl_easy_perform failed: `SSL connect error'
*** cipher lookup: datalen: 2; x: 1
*** cipher test j=0 i=0 ciphers[i].suite[0]=0 ciphers[i].suite[1]=53 data[j][0]=0 data[j][1]=53
HSK[88b8508]: MHD__gnutls_read_client_hello() returning (0)
MHD_gtls_recv_handshake() returning with 0
HSK[b7e5d6e8]: MHD__gnutls_read_client_hello() returning (0)
MHD_gtls_recv_handshake() returning with 0
HSK[b7e5d6e8]: length32 (772)
MHD_gtls_recv_handshake() returning with 772
HSK[b7e5d6e8]: MHD__gnutls_recv_handshake_header() failed (-19)
MHD_gtls_recv_handshake() returning with 0
HSK[88b8508]: length32 (258)
MHD_gtls_recv_handshake() returning with 258
HSK[88b8508]: length32 (12)
MHD_gtls_recv_handshake() returning with 12
HSK[b7e5d6e8]: length32 (12)
MHD_gtls_recv_handshake() returning with 12
*** cipher lookup: datalen: 2; x: 1
*** cipher test j=0 i=0 ciphers[i].suite[0]=0 ciphers[i].suite[1]=53 data[j][0]=0 data[j][1]=47
HSK[889dd30]: retval == GNUTLS_E_UNKNOWN_CIPHER_SUITE (-21)
HSK[889dd30]: MHD_gtls_server_select_suite failed (-21)
HSK[889dd30]: MHD__gnutls_read_client_hello() failed (-21)
HSK[889dd30]: MHD_gtls_recv_hello() failed (-21)
MHD_gtls_recv_handshake() returning with -21
HSK[889dd30]: recv hello (-21)
Error: Handshake has failed (-21)
curl_easy_perform failed: `SSL connect error'
*** cipher lookup: datalen: 2; x: 1
*** cipher test j=0 i=0 ciphers[i].suite[0]=0 ciphers[i].suite[1]=53 data[j][0]=0 data[j][1]=53
HSK[889e6a8]: MHD__gnutls_read_client_hello() returning (0)
MHD_gtls_recv_handshake() returning with 0
HSK[b7e5d6e8]: MHD__gnutls_read_client_hello() returning (0)
MHD_gtls_recv_handshake() returning with 0
HSK[b7e5d6e8]: length32 (772)
MHD_gtls_recv_handshake() returning with 772
HSK[b7e5d6e8]: MHD__gnutls_recv_handshake_header() failed (-19)
MHD_gtls_recv_handshake() returning with 0
HSK[889e6a8]: length32 (258)
MHD_gtls_recv_handshake() returning with 258
HSK[889e6a8]: length32 (12)
MHD_gtls_recv_handshake() returning with 12
HSK[b7e5d6e8]: length32 (12)
MHD_gtls_recv_handshake() returning with 12
*** cipher lookup: datalen: 2; x: 1
*** cipher test j=0 i=0 ciphers[i].suite[0]=0 ciphers[i].suite[1]=53 data[j][0]=0 data[j][1]=47
HSK[889dd30]: retval == GNUTLS_E_UNKNOWN_CIPHER_SUITE (-21)
HSK[889dd30]: MHD_gtls_server_select_suite failed (-21)
HSK[889dd30]: MHD__gnutls_read_client_hello() failed (-21)
HSK[889dd30]: MHD_gtls_recv_hello() failed (-21)
MHD_gtls_recv_handshake() returning with -21
HSK[889dd30]: recv hello (-21)
Error: Handshake has failed (-21)
curl_easy_perform failed: `SSL connect error'

reply via email to

[Prev in Thread] Current Thread [Next in Thread]