[Libwebsockets] iOS 9 issue

Andrejs Hanins andrejs.hanins at ubnt.com
Fri Oct 16 11:28:01 CEST 2015


Hi Roger,

On 10/16/2015 11:59 AM, Roger Light wrote:
> Hi all,
> 
> I'm hoping for some help with a problem I've had reported to me by a
> user. When he connects to my program on a TLS socket provided through
> libwebsockets using Safari on OS X everything is fine. On iOS 9 using
> Safari or the web app it fails with the error:
> 
> WebSocket network error: The operation couldn't be completed.
> (OSStatus error -9807.)
> 
> The log on the server looks like:
> 
> insert_wsi_socket_into_fds: wsi=0x1441130, sock=17, fds pos=2
> inserted SSL accept into fds, trying SSL_accept
> SSL_accept failed 2 / error:00000002:lib(0):func(0):system lib
> SSL_ERROR_WANT_READ
> SSL_accept failed 5 / error:00000005:lib(0):func(0):DH lib
> SSL_accept failed skt 17: error:00000005:lib(0):func(0):DH lib
> close: just_kill_connection
> remove_wsi_socket_from_fds: wsi=0x1441130, sock=17, fds pos=2
> not calling back closed
> insert_wsi_socket_into_fds: wsi=0x1441130, sock=17, fds pos=2
> inserted SSL accept into fds, trying SSL_accept
> SSL_accept failed 2 / error:00000002:lib(0):func(0):system lib
> SSL_ERROR_WANT_READ
> SSL_accept failed 2 / error:00000002:lib(0):func(0):system lib
> SSL_ERROR_WANT_READ
> SSL_accept failed 5 / error:00000005:lib(0):func(0):DH lib
> SSL_accept failed skt 17: error:00000005:lib(0):func(0):DH lib
> close: just_kill_connection
> remove_wsi_socket_from_fds: wsi=0x1441130, sock=17, fds pos=2
> not calling back closed
> 
> This suggests to me something is failing in the DH lib part - maybe
> something to do with ciphers. Current libwebsockets doesn't configure
> DH ciper parameters which does mean that the list of ciphers it
> supports is smaller than it could be. I've created a patch[1] that
> adds this support, but my user says it didn't help. He's now testing
> using the lws test server, so the bug does look to be here, or in iOS
> 9.
> 
> I'm at a bit of a loss as to what to try next, so I'm wondering if
> anybody else has seen anything similar, or can help with the debugging
> process - I've not got access to any iOS devices.
I'm doing exactly the same thing right now (iPhone6 + iOS 9.0.2) and don't
have any issues at all. I'm on LWS version 1.4-chrome43-firefox-36 and
OpenSSL 1.0.2d. I would recommend trying latest/different OpenSSL lib if yours
is too old.

> 
> I'll still be submitting the patch as a pull request, it's still
> useful, but would like to make sure there isn't anything else missing
> first. The accepted answer at [2] shows a shell script for finding
> server supported ciphers so you can see what the patch achieves.
> 
> Cheers,
> 
> Roger
> 
> 
> [1] https://github.com/ralight/libwebsockets/tree/ssl-dh
> [2] http://superuser.com/questions/109213/how-do-i-list-the-ssl-tls-cipher-suites-a-particular-website-offers
> _______________________________________________
> Libwebsockets mailing list
> Libwebsockets at ml.libwebsockets.org
> http://ml.libwebsockets.org/mailman/listinfo/libwebsockets
> 



More information about the Libwebsockets mailing list