[Libwebsockets] libwebsockets-test-server and OpenSSL

Derald Woods woods.technical at gmail.com
Fri Mar 20 23:45:44 CET 2015


On Mar 20, 2015 5:04 PM, "Andy Green" <andy at warmcat.com> wrote:
>
>
>
> On 21 March 2015 04:06:48 GMT+08:00, Derald Woods <
woods.technical at gmail.com> wrote:
> >Hello,
> >
> >I am encountering an OpenSSL issue, on my ARM system, when connecting
> >with
> >a browser. I was able to 'curl --insecure' the 'test.html' from the
> >system,
> >but the test server bails as shown below, when I try to connect with
> >Firefox 36.0.1. The test server works as expected without SSL. Any
> >suggestions? Is OpenSSL 1.0.2 being used by anyone?
> >
> >libwebsockets:
> >Git 1677ca52ca92f749364bca95d72c32f81ef4e823
> >
> >OpenSSL> version
> >OpenSSL 1.0.2 22 Jan 2015
>
> Oh... that was the subject of an openssl security update a couple of days
ago.
>
> >~ # libwebsockets-test-server --ssl -d 32767
> >lwsts[156]: libwebsockets test server - (C) Copyright 2010-2014 Andy
> >Green <
> >andy at warmcat.com> - licensed under LGPL2.1
> >Using resource path "/usr/share/libwebsockets-test-server"
> >lwsts[156]: Initial logging level 32767
> >lwsts[156]: Library version: 1.3 1677ca5
> >lwsts[156]: IPV6 not compiled in
> >lwsts[156]: libev support not compiled in
> >lwsts[156]:  LWS_MAX_HEADER_LEN: 1024
> >lwsts[156]:  LWS_MAX_PROTOCOLS: 5
> >lwsts[156]:  SPEC_LATEST_SUPPORTED: 13
> >lwsts[156]:  AWAITING_TIMEOUT: 5
> >lwsts[156]:  SYSTEM_RANDOM_FILEPATH: '/dev/urandom'
> >lwsts[156]:  LWS_MAX_ZLIB_CONN_BUFFER: 65536
> >lwsts[156]:  static allocation: 4480 + (12 x 1024 fds) = 16768 bytes
> >lwsts[156]:  LWS_MAX_EXTENSIONS_ACTIVE: 3
> >lwsts[156]:  canonical_hostname = 1813M00352
> >lwsts[156]:  per-conn mem: 308 + 2140 headers + protocol rx buf
> >lwsts[156]:  Compiled with OpenSSL support
> >lwsts[156]:  Using SSL mode
> >lwsts[156]:  HTTP2 / ALPN enabled
> >lwsts[156]: insert_wsi_socket_into_fds: wsi=0x397b0, sock=7, fds pos=1
> >lwsts[156]:  Listening on port 7681
> >lwsts[156]:   Protocol: http-only
> >lwsts[156]:   Protocol: dumb-increment-protocol
> >lwsts[156]:   Protocol: lws-mirror-protocol
> >lwsts[156]: insert_wsi_socket_into_fds: wsi=0x39fc0, sock=8, fds pos=2
> >lwsts[156]: inserted SSL accept into fds, trying SSL_accept
> >lwsts[156]: SSL_accept failed 1 /
> >error:00000001:lib(0):func(0):reason(1)
> >lwsts[156]: SSL_accept failed skt 7:
> >error:00000001:lib(0):func(0):reason(1)
> >lwsts[156]: close: just_kill_connection
> >lwsts[156]: remove_wsi_socket_from_fds: wsi=0x39fc0, sock=8, fds pos=2
> >lwsts[156]: not calling back closed
> >lwsts[156]: insert_wsi_socket_into_fds: wsi=0x49e70, sock=8, fds pos=2
> >lwsts[156]: inserted SSL accept into fds, trying SSL_accept
> >lwsts[156]: SSL_accept failed 2 / error:00000002:lib(0):func(0):system
> >lib
> >lwsts[156]: SSL_ERROR_WANT_READ
> >lwsts[156]: negotiated h2-14▒?@ using alpn
>
> The problem seems around http2 upgrade, you can avoid it by disable http2
in cmake if you don't care about http2.

I will give this a try this weekend. Thanks for the quick response.

>
> -Andy
>
> >lwsts[156]: accepted new SSL conn
> >lwsts[156]: service_fd: closing due to 0 length read
> >lwsts[156]: Close and handled
> >lwsts[156]: close: just_kill_connection
> >lwsts[156]: remove_wsi_socket_from_fds: wsi=0x49e70, sock=8, fds pos=2
> >lwsts[156]: not calling back closed
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://libwebsockets.org/pipermail/libwebsockets/attachments/20150320/95ab35cc/attachment-0001.html>


More information about the Libwebsockets mailing list