[Libwebsockets] error when ssl enabled

satya gowtham kudupudi satyagowtham.k at gmail.com
Mon Dec 5 13:21:13 CET 2016


Ok. I will fix my code. But I want to use my certificates. I made my browser to trust my certificates.
But server says
lwsts[29686]: lws_protocol_init
lwsts[29686]: SNI: Unknown ServerName: ubuntu.local
lwsts[29686]: SSL_accept failed skt 10: error:00000001:lib(0):func(0):reason(1)
lwsts[29686]: *** error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown
lwsts[29686]: SSL_accept failed skt 10: error:00000006:lib(0):func(0):EVP lib

> On 05-Dec-2016, at 5:38 PM, Andy Green <andy at warmcat.com> wrote:
> 
> On Mon, 2016-12-05 at 17:36 +0530, satya gowtham kudupudi wrote:
>> libwebsockets-test-server --ssl ran exceptionally well
>> libwebsockets-test-server.pem and libwebsockets-test-server.key.pem
>> With my custom server are working. I have changed port form 80 to
>> 443. Now https://ubuntu.local is loading. But however for resources
>> referred with in index.html, like .css,.png,.js etc. browser says 
> 
> Test server doesn't have that problem, right?
> 
> You have the test server, right?
> 
> Debug your own code then...
> 
> -Andy
> 
>> Failed to load resource: cannot parse response. Below is the log from
>> my custom server after using the libwebsockets' pem files.
>> 
>> [2016/12/05 17:34:06:1347] NOTICE: Built to support server operations
>> lwsts[28492]: libwebsockets test server - license LGPL2.1+SLE
>> lwsts[28492]: (C) Copyright 2010-2016 Andy Green <andy at warmcat.com>
>> lwsts[28492]: Running in server mode
>> lwsts[28492]: Initial logging level 7
>> lwsts[28492]: Libwebsockets version: 2.1.0 gowtham at ubuntu-v2.0.0-170-
>> g7355750
>> lwsts[28492]: IPV6 not compiled in
>> lwsts[28492]: libev support not compiled in
>> lwsts[28492]: libuv support not compiled in
>> lwsts[28492]:  Threads: 1 each 1024 fds
>> lwsts[28492]:  mem: platform fd map:  8192 bytes
>> lwsts[28492]:  Compiled with OpenSSL support
>> [2016-12-05 17:34:06 NTC run]: waiting for a connection on 9271 ...
>> lwsts[28492]: Creating Vhost 'default' port 443, 2 protocols, IPv6
>> off
>> lwsts[28492]:  SSL ciphers: 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-
>> AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-
>> SHA384:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4:!HMAC_SHA1:!SHA
>> 1:!DHE-RSA-AES128-GCM-SHA256:!DHE-RSA-AES128-SHA256:!AES128-GCM-SHA25
>> lwsts[28492]:  Using SSL mode
>> lwsts[28492]:  SSL ECDH curve 'prime256v1'
>> lwsts[28492]:  Listening on port 443
>> lwsts[28492]:  mem: per-conn:          512 bytes + protocol rx buf
>> lwsts[28492]:  canonical_hostname = ubuntu
>> lwsts[28492]: lws_protocol_init
>> lwsts[28492]: SNI: Unknown ServerName: ubuntu.local
>>     GET URI /
>>     Host ubuntu.local
>>     Connection keep-alive
>>     Extensions HTTP/1.1
>>     Nonce
>> text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
>>     Accept-Encoding: gzip, deflate
>>     Accept-Language: en-us
>>     Cache-Control: max-age=0
>>     Cookie: session_id=1
>>     GET URI /css/app.css
>>     Host ubuntu.local
>>     Connection keep-alive
>>     Extensions HTTP/1.1
>>     Nonce text/css,*/*;q=0.1
>>     Accept-Encoding: gzip, deflate
>>     Accept-Language: en-us
>>     Cache-Control: max-age=0
>>     Cookie: session_id=1; session_id=1
>>     Referer: https://ubuntu.local/
>> lwsts[28492]: SNI: Unknown ServerName: ubuntu.local
>>     GET URI /js/main.js
>>     Host ubuntu.local
>>     Connection keep-alive
>>     Extensions HTTP/1.1
>>     Nonce */*
>>     Accept-Encoding: gzip, deflate
>>     Accept-Language: en-us
>>     Cache-Control: max-age=0
>>     Cookie: session_id=1; session_id=1
>>     Referer: https://ubuntu.local/
>> 
>>> On 05-Dec-2016, at 4:11 PM, Andy Green <andy at warmcat.com> wrote:
>>> 
>>> On Mon, 2016-12-05 at 16:04 +0530, satya gowtham kudupudi wrote:
>>>> I could able to help only one guy; and did it till he got through
>>>> it.
>>> 
>>> Did you read my email?
>>> 
>>>> Here is the complete log. Please help get me through this. I will
>>>> definitely spare time for the community.
>>> 
>>> Yeah, right.
>>> 
>>>> [2016/12/05 14:35:50:6828] NOTICE: Built to support server
>>>> operations
>>>> [2016-12-05 14:35:50 NTC run]: waiting for a connection on 9271
>>>> ...
>>> 
>>> Just run the unchanged lws test server and repeat the steps I
>>> listed.
>>> 
>>> What does it do?
>>> 
>>> -Andy
>>> 
>>>> lwsts[27892]: libwebsockets test server - license LGPL2.1+SLE
>>>> lwsts[27892]: (C) Copyright 2010-2016 Andy Green <andy at warmcat.co
>>>> m>
>>>> lwsts[27892]: Running in server mode
>>>> lwsts[27892]: Initial logging level 65535
>>>> lwsts[27892]: Libwebsockets version: 2.1.0 gowtham at ubuntu-v2.0.0-
>>>> 170-
>>>> g7355750
>>>> lwsts[27892]: IPV6 not compiled in
>>>> lwsts[27892]: libev support not compiled in
>>>> lwsts[27892]: libuv support not compiled in
>>>> lwsts[27892]:  LWS_DEF_HEADER_LEN    : 4096
>>>> lwsts[27892]:  LWS_MAX_PROTOCOLS     : 5
>>>> lwsts[27892]:  LWS_MAX_SMP           : 32
>>>> lwsts[27892]:  SPEC_LATEST_SUPPORTED : 13
>>>> lwsts[27892]:  sizeof (*info)        : 320
>>>> lwsts[27892]:  SYSTEM_RANDOM_FILEPATH: '/dev/urandom'
>>>> lwsts[27892]:  default timeout (secs): 5
>>>> lwsts[27892]:  Threads: 1 each 1024 fds
>>>> lwsts[27892]:  mem: context:          9272 bytes (5176 ctx + (1
>>>> thr x
>>>> 4096))
>>>> lwsts[27892]:  mem: http hdr rsvd:   122880 bytes (1 thr x (4096
>>>> +
>>>> 3584) x 16))
>>>> lwsts[27892]:  mem: pollfd map:       8192
>>>> lwsts[27892]:  mem: platform fd map:  8192 bytes
>>>> lwsts[27892]:  Compiled with OpenSSL support
>>>> lwsts[27892]: Creating Vhost 'default' port 80, 2 protocols, IPv6
>>>> off
>>>> lwsts[27892]:  SSL ciphers: 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-
>>>> RSA-
>>>> AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-
>>>> SHA384:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4:!HMAC_SHA1:
>>>> !SHA
>>>> 1:!DHE-RSA-AES128-GCM-SHA256:!DHE-RSA-AES128-SHA256:!AES128-GCM-
>>>> SHA25
>>>> lwsts[27892]:  Using SSL mode
>>>> lwsts[27892]:  SSL ECDH curve 'prime256v1'
>>>> lwsts[27892]:  SSL options 0x35A0004
>>>> lwsts[27892]: insert_wsi_socket_into_fds: 0x7f9ffc0451b0: tsi=0,
>>>> sock=9, pos-in-fds=1
>>>> lwsts[27892]:  Listening on port 80
>>>> lwsts[27892]:  LWS_MAX_EXTENSIONS_ACTIVE: 2
>>>> lwsts[27892]:  mem: per-conn:          512 bytes + protocol rx
>>>> buf
>>>> lwsts[27892]:  canonical_hostname = ubuntu
>>>> lwsts[27892]: lws_protocol_init
>>>> lwsts[27892]: fd=9, revents=1
>>>> lwsts[27892]: accepted new conn  port 59792 on fd=10
>>>> lwsts[27892]: Accepted 0x7f9ffc047030 to tsi 0
>>>> lwsts[27892]: lws_set_timeout: 0x7f9ffc047030: 5 secs
>>>> lwsts[27892]: insert_wsi_socket_into_fds: 0x7f9ffc047030: tsi=0,
>>>> sock=10, pos-in-fds=2
>>>> lwsts[27892]: lws_set_timeout: 0x7f9ffc047030: 5 secs
>>>> lwsts[27892]: inserted SSL accept into fds, trying SSL_accept
>>>> lwsts[27892]: SSL_accept failed 2 /
>>>> error:00000002:lib(0):func(0):system lib
>>>> lwsts[27892]: SSL_ERROR_WANT_READ
>>>> lwsts[27892]: lws_header_table_attach: wsi 0x7f9ffc047030: ah
>>>> (nil)
>>>> (tsi 0, count = 0) in
>>>> lwsts[27892]: lws_header_table_attach: wsi 0x7f9ffc047030: ah
>>>> 0x7f9ffc012d20: count 1 (on exit)
>>>> lwsts[27892]: Attached ah immediately
>>>> lwsts[27892]: fd=10, revents=1
>>>> lwsts[27892]: SNI: Unknown ServerName: ubuntu.local
>>>> lwsts[27892]: SSL_accept failed 2 /
>>>> error:00000002:lib(0):func(0):system lib
>>>> lwsts[27892]: SSL_ERROR_WANT_READ
>>>> lwsts[27892]: fd=10, revents=1
>>>> lwsts[27892]: SSL_accept failed 1 /
>>>> error:00000001:lib(0):func(0):reason(1)
>>>> lwsts[27892]: SSL_accept failed skt 10:
>>>> error:00000001:lib(0):func(0):reason(1)
>>>> lwsts[27892]: *** error:14094418:SSL
>>>> routines:ssl3_read_bytes:tlsv1
>>>> alert unknown ca
>>>> lwsts[27892]: lws_close_free_wsi: shutting down connection:
>>>> 0x7f9ffc047030 (sock 10, state 0)
>>>> lwsts[27892]: lws_set_timeout: 0x7f9ffc047030: 5 secs
>>>> lwsts[27892]: fd=10, revents=17
>>>> lwsts[27892]: SSL_accept failed 6 /
>>>> error:00000006:lib(0):func(0):EVP
>>>> lib
>>>> lwsts[27892]: SSL_accept failed skt 10:
>>>> error:00000006:lib(0):func(0):EVP lib
>>>> lwsts[27892]: lws_close_free_wsi: real just_kill_connection:
>>>> 0x7f9ffc047030 (sockfd 10)
>>>> lwsts[27892]: remove_wsi_socket_from_fds: removing same prot wsi
>>>> 0x7f9ffc047030
>>>> lwsts[27892]: remove_wsi_socket_from_fds: wsi=0x7f9ffc047030,
>>>> sock=10, fds pos=2, end guy pos=3, endfd=0
>>>> lwsts[27892]: not calling back closed mode=6 state=0
>>>> lwsts[27892]: ah det due to close
>>>> lwsts[27892]: lws_header_table_detach: wsi 0x7f9ffc047030: ah
>>>> 0x7f9ffc012d20 (tsi=0, count = 1)
>>>> lwsts[27892]: lws_header_table_detach: wsi 0x7f9ffc047030: ah
>>>> 0x7f9ffc012d20 (tsi=0, count = 0)
>>>> lwsts[27892]: lws_free_wsi: 0x7f9ffc047030, remaining wsi 1
>>>> 
>>>>> On 05-Dec-2016, at 3:43 PM, Andy Green <andy at warmcat.com>
>>>>> wrote:
>>>>> 
>>>>> On Mon, 2016-12-05 at 14:39 +0530, satya gowtham kudupudi
>>>>> wrote:
>>>>> 
>>>>>> When I try to visit https://ubuntu.local:80 server prints
>>>>> 
>>>>> Ah who knows... you snipped the log that says how it's set up.
>>>>> 
>>>>> It's pointless anyway, nobody has your changed sources except
>>>>> you.
>>>>>  And
>>>>> it's true for each person with changed sources only they have:
>>>>> *nobody
>>>>> else cares about whether they work or are broken except you*.
>>>>>  Just
>>>>> like you didn't care about the last guy using lws with some
>>>>> problem
>>>>> he
>>>>> had caused himself.  (I know.. when it's your problem it's
>>>>> different. 
>>>>> But it isn't.)
>>>>> 
>>>>> If lws is broken or should do something better... it's up to
>>>>> you to
>>>>> show that's the case, usually using the test server or client
>>>>> as a
>>>>> reference we both have.  If it's not the case then your problem
>>>>> exists
>>>>> inbetween my working example apps you started with and the
>>>>> modifications that you did to them.  That's *your* problem
>>>>> (unless
>>>>> you
>>>>> can show it is my problem, in lws, in which case I will fix
>>>>> it).
>>>>> 
>>>>> Just use the plain test server that's provided with lws.  I
>>>>> just
>>>>> did it
>>>>> here, you should get the same result.
>>>>> 
>>>>> 1) $ libwebsockets-test-server --ssl
>>>>> 
>>>>> 2) In a browser
>>>>> 
>>>>> https://localhost:7681
>>>>> 
>>>>> 3) Browser says "Not secure, self signed Cert".  Lws creates
>>>>> some
>>>>> unique selfsigned certs for testing purposes when you run
>>>>> cmake.
>>>>> 
>>>>> 4) You click advanced or override and / or add security
>>>>> exception
>>>>> whatever, to say the selfsigned cert is OK
>>>>> 
>>>>> 5) Test server content appears in browser
>>>>> 
>>>>> Put your code on one side and try to repeat that using the test
>>>>> server
>>>>> + certs.
>>>>> 
>>>>> Here is the logging from when I ran it for reference:
>>>>> 
>>>>> ```
>>>>> $ libwebsockets-test-server --ssl
>>>>> lwsts[8423]: libwebsockets test server - license LGPL2.1+SLE
>>>>> lwsts[8423]: (C) Copyright 2010-2016 Andy Green <andy at warmcat.c
>>>>> om>
>>>>> Using resource path "/usr/share/libwebsockets-test-server"
>>>>> lwsts[8423]: Initial logging level 7
>>>>> lwsts[8423]: Libwebsockets version: 2.1.0 agreen at build-v2.0.0-1
>>>>> 96-g
>>>>> fdab
>>>>> d95
>>>>> lwsts[8423]: IPV6 not compiled in
>>>>> lwsts[8423]: libev support not compiled in
>>>>> lwsts[8423]: libuv support compiled in but disabled
>>>>> lwsts[8423]:  Threads: 1 each 1024 fds
>>>>> lwsts[8423]:  mem: platform fd map:  8192 bytes
>>>>> lwsts[8423]:  Compiled with OpenSSL support
>>>>> lwsts[8423]: Creating Vhost 'default' port 7681, 5 protocols,
>>>>> IPv6
>>>>> off
>>>>> lwsts[8423]:  SSL ciphers: 'ECDHE-ECDSA-AES256-GCM-
>>>>> SHA384:ECDHE-
>>>>> RSA-
>>>>> AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-
>>>>> SHA384:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4:!HMAC_SHA
>>>>> 1:!S
>>>>> HA1:
>>>>> !DHE-RSA-AES128-GCM-SHA256:!DHE-RSA-AES128-SHA256:!AES128-GCM-
>>>>> SHA25
>>>>> lwsts[8423]:  Using SSL mode
>>>>> lwsts[8423]:  SSL ECDH curve 'prime256v1'
>>>>> lwsts[8423]:  Listening on port 7681
>>>>> lwsts[8423]:  mem: per-conn:          720 bytes + protocol rx
>>>>> buf
>>>>> lwsts[8423]:  canonical_hostname = build
>>>>> lwsts[8423]: lws_protocol_init
>>>>> lwsts[8423]: Accepted wsi 0xed9a70 to context 0xe896f0, tsi 0
>>>>> lwsts[8423]: SNI: Unknown ServerName: localhost
>>>>> lwsts[8423]: lws_server_socket_service: wsi 0xed9a70 read -1
>>>>> lwsts[8423]: Accepted wsi 0xeed610 to context 0xe896f0, tsi 0
>>>>> lwsts[8423]: SNI: Unknown ServerName: localhost
>>>>> lwsts[8423]: 127.0.0.1 - - [05/Dec/2016:18:03:36 +0800] "GET /
>>>>> http/1.1" 200 20886 Mozilla/5.0 (X11; Fedora; Linux x86_64;
>>>>> rv:50.0)
>>>>> Gecko/20100101 Firefox/50.0
>>>>> lwsts[8423]: 127.0.0.1 - - [05/Dec/2016:18:03:36 +0800] "GET
>>>>> /lws-
>>>>> common.js http/1.1" 200 3336 Mozilla/5.0 (X11; Fedora; Linux
>>>>> x86_64;
>>>>> rv:50.0) Gecko/20100101 Firefox/50.0
>>>>> lwsts[8423]: 127.0.0.1 - - [05/Dec/2016:18:03:36 +0800] "GET
>>>>> /libwebsockets.org-logo.png http/1.1" 200 7232 Mozilla/5.0
>>>>> (X11;
>>>>> Fedora; Linux x86_64; rv:50.0) Gecko/20100101 Firefox/50.0
>>>>> lwsts[8423]: 127.0.0.1 - - [05/Dec/2016:18:03:37 +0800] "GET
>>>>> /favicon.ico http/1.1" 200 1612 Mozilla/5.0 (X11; Fedora; Linux
>>>>> x86_64;
>>>>> rv:50.0) Gecko/20100101 Firefox/50.0
>>>>> lwsts[8423]: Accepted wsi 0xeda330 to context 0xe896f0, tsi 0
>>>>> lwsts[8423]: SNI: Unknown ServerName: localhost
>>>>>     get  = /xxx
>>>>>     host: = localhost:7681
>>>>>     connection: = keep-alive, Upgrade
>>>>>     upgrade: = websocket
>>>>>     origin: = https://localhost:7681
>>>>>     sec-websocket-extensions: = permessage-deflate
>>>>>     sec-websocket-protocol: = dumb-increment-protocol
>>>>>     http/1.1  = HTTP/1.1
>>>>>     accept: =
>>>>> text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
>>>>>     accept-encoding: = gzip, deflate, br
>>>>>     accept-language: = en-US,en;q=0.5
>>>>>     pragma: = no-cache
>>>>>     cache-control: = no-cache
>>>>>     cookie: = test=LWS_1480932216_877788_COOKIE
>>>>>     sec-websocket-key: = 5DUsn/Y+0qH7uJTlU0EEIQ==
>>>>>     sec-websocket-version: = 13
>>>>>     user-agent: = Mozilla/5.0 (X11; Fedora; Linux x86_64;
>>>>> rv:50.0)
>>>>> Gecko/20100101 Firefox/50.0
>>>>> lwsts[8423]:  permessage-deflate requires the protocol (dumb-
>>>>> increment-
>>>>> protocol) to have an RX buffer >= 128
>>>>> lwsts[8423]: ext permessage-deflate failed construction
>>>>> lwsts[8423]: 0xeda330 new partial sent 30 from 178 total
>>>>> lwsts[8423]: 127.0.0.1 - - [05/Dec/2016:18:03:37 +0800] "GET
>>>>> /favicon.ico http/1.1" 200 1612 Mozilla/5.0 (X11; Fedora; Linux
>>>>> x86_64;
>>>>> rv:50.0) Gecko/20100101 Firefox/50.0
>>>>> lwsts[8423]: Accepted wsi 0xef73d0 to context 0xe896f0, tsi 0
>>>>> lwsts[8423]: SNI: Unknown ServerName: localhost
>>>>> lwsts[8423]:  Capping pmd rx to 128
>>>>> lwsts[8423]: 0xef73d0 new partial sent 148 from 211 total
>>>>> lwsts[8423]: cache_len 243
>>>>> lwsts[8423]: 0xef73d0 new partial sent 148 from 207 total
>>>>> lwsts[8423]: Accepted wsi 0xee1390 to context 0xe896f0, tsi 0
>>>>> lwsts[8423]: SNI: Unknown ServerName: localhost
>>>>>     get  = /xxx
>>>>>     host: = localhost:7681
>>>>>     connection: = keep-alive, Upgrade
>>>>>     upgrade: = websocket
>>>>>     origin: = https://localhost:7681
>>>>>     sec-websocket-extensions: = permessage-deflate
>>>>>     sec-websocket-protocol: = lws-mirror-protocol
>>>>>     http/1.1  = HTTP/1.1
>>>>>     accept: =
>>>>> text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
>>>>>     accept-encoding: = gzip, deflate, br
>>>>>     accept-language: = en-US,en;q=0.5
>>>>>     pragma: = no-cache
>>>>>     cache-control: = no-cache
>>>>>     cookie: = test=LWS_1480932216_877788_COOKIE
>>>>>     sec-websocket-key: = u1dBJJLVlfeCMijDZ2pvIQ==
>>>>>     sec-websocket-version: = 13
>>>>>     user-agent: = Mozilla/5.0 (X11; Fedora; Linux x86_64;
>>>>> rv:50.0)
>>>>> Gecko/20100101 Firefox/50.0
>>>>> lwsts[8423]:  Capping pmd rx to 128
>>>>> lwsts[8423]: 0xee1390 new partial sent 148 from 220 total
>>>>> ```
>>>>> 
>>>>> -Andy
>>>>> 
>>>>> 
>>>>>> lwsts[27892]: fd=9, revents=1
>>>>>> lwsts[27892]: accepted new conn  port 59792 on fd=10
>>>>>> lwsts[27892]: Accepted 0x7f9ffc047030 to tsi 0
>>>>>> lwsts[27892]: lws_set_timeout: 0x7f9ffc047030: 5 secs
>>>>>> lwsts[27892]: insert_wsi_socket_into_fds: 0x7f9ffc047030:
>>>>>> tsi=0,
>>>>>> sock=10, pos-in-fds=2
>>>>>> lwsts[27892]: lws_set_timeout: 0x7f9ffc047030: 5 secs
>>>>>> lwsts[27892]: inserted SSL accept into fds, trying SSL_accept
>>>>>> lwsts[27892]: SSL_accept failed 2 /
>>>>>> error:00000002:lib(0):func(0):system lib
>>>>>> lwsts[27892]: SSL_ERROR_WANT_READ
>>>>>> lwsts[27892]: lws_header_table_attach: wsi 0x7f9ffc047030: ah
>>>>>> (nil)
>>>>>> (tsi 0, count = 0) in
>>>>>> lwsts[27892]: lws_header_table_attach: wsi 0x7f9ffc047030: ah
>>>>>> 0x7f9ffc012d20: count 1 (on exit)
>>>>>> lwsts[27892]: Attached ah immediately
>>>>>> lwsts[27892]: fd=10, revents=1
>>>>>> lwsts[27892]: SNI: Unknown ServerName: ubuntu.local
>>>>>> lwsts[27892]: SSL_accept failed 2 /
>>>>>> error:00000002:lib(0):func(0):system lib
>>>>>> lwsts[27892]: SSL_ERROR_WANT_READ
>>>>>> lwsts[27892]: fd=10, revents=1
>>>>>> lwsts[27892]: SSL_accept failed 1 /
>>>>>> error:00000001:lib(0):func(0):reason(1)
>>>>>> lwsts[27892]: SSL_accept failed skt 10:
>>>>>> error:00000001:lib(0):func(0):reason(1)
>>>>>> lwsts[27892]: *** error:14094418:SSL
>>>>>> routines:ssl3_read_bytes:tlsv1
>>>>>> alert unknown ca
>>>>>> lwsts[27892]: lws_close_free_wsi: shutting down connection:
>>>>>> 0x7f9ffc047030 (sock 10, state 0)
>>>>>> lwsts[27892]: lws_set_timeout: 0x7f9ffc047030: 5 secs
>>>>>> lwsts[27892]: fd=10, revents=17
>>>>>> lwsts[27892]: SSL_accept failed 6 /
>>>>>> error:00000006:lib(0):func(0):EVP
>>>>>> lib
>>>>>> lwsts[27892]: SSL_accept failed skt 10:
>>>>>> error:00000006:lib(0):func(0):EVP lib
>>>>>> lwsts[27892]: lws_close_free_wsi: real just_kill_connection:
>>>>>> 0x7f9ffc047030 (sockfd 10)
>>>>>> lwsts[27892]: remove_wsi_socket_from_fds: removing same prot
>>>>>> wsi
>>>>>> 0x7f9ffc047030
>>>>>> lwsts[27892]: remove_wsi_socket_from_fds: wsi=0x7f9ffc047030,
>>>>>> sock=10, fds pos=2, end guy pos=3, endfd=0
>>>>>> lwsts[27892]: not calling back closed mode=6 state=0
>>>>>> lwsts[27892]: ah det due to close
>>>>>> lwsts[27892]: lws_header_table_detach: wsi 0x7f9ffc047030: ah
>>>>>> 0x7f9ffc012d20 (tsi=0, count = 1)
>>>>>> lwsts[27892]: lws_header_table_detach: wsi 0x7f9ffc047030: ah
>>>>>> 0x7f9ffc012d20 (tsi=0, count = 0)
>>>>>> lwsts[27892]: lws_free_wsi: 0x7f9ffc047030, remaining wsi 1
>>>>>> 
>>>>>> --
>>>>>> Gowtham
>>>>>>> On 05-Dec-2016, at 2:20 PM, Andy Green <andy at warmcat.com>
>>>>>>> wrote:
>>>>>>> 
>>>>>>> On Mon, 2016-12-05 at 13:57 +0530, satya gowtham kudupudi
>>>>>>> wrote:
>>>>>>>> when I try to visit with SSL HTTPS protocol, nothing
>>>>>>>> happens.
>>>>>>>> Page
>>>>>>>> doesn't load at browser and server prints nothing on the
>>>>>>>> screen.
>>>>>>> 
>>>>>>> Mmm
>>>>>>> 
>>>>>>>> lwsts[27731]:  Listening on port 80
>>>>>>> 
>>>>>>> Are you telling it to listen on 443?  If you are still
>>>>>>> listening on
>>>>>>> port 80, just with SSL, you must visit https://ubuntu.local
>>>>>>> :80
>>>>>>> 
>>>>>>>> When I try to visit with non-SSL HTTP protocol, I expect
>>>>>>>> to
>>>>>>>> redirect
>>>>>>> to HTTPS.
>>>>>>> 
>>>>>>> Yeah.
>>>>>>> 
>>>>>>> Well you need to set that up if that's what you want.  You
>>>>>>> tell
>>>>>>> lws
>>>>>>> to
>>>>>>> listen on one port or another and it does that.  That's it.
>>>>>>>  Apache
>>>>>>> is
>>>>>>> the same.
>>>>>>> 
>>>>>>> You need to add a second vhost listening on 80 to do that,
>>>>>>> and
>>>>>>> mount a
>>>>>>> redirect to https://whatever there.  Your main SSL vhost
>>>>>>> should
>>>>>>> be
>>>>>>> listening on 443.
>>>>>>> 
>>>>>>> -Andy
>>>>>>> 
>>>>>>> 
>>>>>>>> On Mon, Dec 5, 2016 at 12:17 PM, Andy Green <andy at warmcat
>>>>>>>> .com
>>>>>>>> wrote:
>>>>>>>>> On Mon, 2016-12-05 at 12:05 +0530, satya gowtham
>>>>>>>>> kudupudi
>>>>>>>>> wrote:
>>>>>>>>>> Hi,
>>>>>>>>>> 
>>>>>>>>>> I have enabled ssl using -ssl option on my server
>>>>>>>>>> that
>>>>>>>>>> inherits
>>>>>>>>> test-
>>>>>>>>>> server. server is running at ubuntu.local. https://ub
>>>>>>>>>> untu
>>>>>>>>>> .loc
>>>>>>>>>> al
>>>>>>>>> don't
>>>>>>>>>> generate any kind of log at the server but http://ubu
>>>>>>>>>> ntu.
>>>>>>>>>> loca
>>>>>>>>>> l
>>>>>>>>> has
>>>>>>>>>> generates below log
>>>>>>>>> 
>>>>>>>>> Ehhh if I understand it, you have started an SSL server
>>>>>>>>> and
>>>>>>>>> then
>>>>>>>>> visit
>>>>>>>>> it using non-SSL http protocol?
>>>>>>>>> 
>>>>>>>>> What exactly were you expecting to happen?
>>>>>>>>> 
>>>>>>>>> -Andy
>>>>>>>>> 
>>>>>>>>> 
>>>>>>>>>> lwsts[27731]: libwebsockets test server - license
>>>>>>>>>> LGPL2.1+SLE
>>>>>>>>>> lwsts[27731]: (C) Copyright 2010-2016 Andy Green <and
>>>>>>>>>> y at wa
>>>>>>>>>> rmca
>>>>>>>>>> t.co
>>>>>>>>> m>
>>>>>>>>>> lwsts[27731]: Running in server mode
>>>>>>>>>> lwsts[27731]: Initial logging level 65535
>>>>>>>>>> lwsts[27731]: Libwebsockets version: 2.1.0 gowtham at ub
>>>>>>>>>> untu
>>>>>>>>>> -v2.
>>>>>>>>>> 0.0-
>>>>>>>>> 170-
>>>>>>>>>> g7355750
>>>>>>>>>> lwsts[27731]: IPV6 not compiled in
>>>>>>>>>> lwsts[27731]: libev support not compiled in
>>>>>>>>>> lwsts[27731]: libuv support not compiled in
>>>>>>>>>> lwsts[27731]:  LWS_DEF_HEADER_LEN    : 4096
>>>>>>>>>> lwsts[27731]:  LWS_MAX_PROTOCOLS     : 5
>>>>>>>>>> lwsts[27731]:  LWS_MAX_SMP           : 32
>>>>>>>>>> lwsts[27731]:  SPEC_LATEST_SUPPORTED : 13
>>>>>>>>>> lwsts[27731]:  sizeof (*info)        : 320
>>>>>>>>>> lwsts[27731]:  SYSTEM_RANDOM_FILEPATH: '/dev/urandom'
>>>>>>>>>> lwsts[27731]:  default timeout (secs): 5
>>>>>>>>>> lwsts[27731]:  Threads: 1 each 1024 fds
>>>>>>>>>> lwsts[27731]:  mem: context:          9272 bytes
>>>>>>>>>> (5176
>>>>>>>>>> ctx +
>>>>>>>>>> (1
>>>>>>>>> thr x
>>>>>>>>>> 4096))
>>>>>>>>>> lwsts[27731]:  mem: http hdr rsvd:   122880 bytes (1
>>>>>>>>>> thr
>>>>>>>>>> x
>>>>>>>>>> (4096
>>>>>>>>> +
>>>>>>>>>> 3584) x 16))
>>>>>>>>>> lwsts[27731]:  mem: pollfd map:       8192
>>>>>>>>>> lwsts[27731]:  mem: platform fd map:  8192 bytes
>>>>>>>>>> lwsts[27731]:  Compiled with OpenSSL support
>>>>>>>>>> lwsts[27731]: Creating Vhost 'default' port 80, 2
>>>>>>>>>> protocols,
>>>>>>>>>> IPv6
>>>>>>>>> off
>>>>>>>>> 
>>>>>>>>> 
>>>>>>>>> 
>>>>>>>>>> lwsts[27731]:  SSL ciphers: 'ECDHE-ECDSA-AES256-GCM-
>>>>>>>>>> SHA384:ECDHE-
>>>>>>>>> RSA-
>>>>>>>>>> AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-
>>>>>>>>>> RSA-
>>>>>>>>>> AES256-
>>>>>>>>>> 
>>>>>>>>> SHA384:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4:!
>>>>>>>>> HMAC
>>>>>>>>> _SHA
>>>>>>>>> 1:!S
>>>>>>>>> HA
>>>>>>>>>> 1:!DHE-RSA-AES128-GCM-SHA256:!DHE-RSA-AES128-
>>>>>>>>>> SHA256:!AES128-
>>>>>>>>>> GCM-
>>>>>>>>> SHA25
>>>>>>>>>> lwsts[27731]:  Using SSL mode
>>>>>>>>>> lwsts[27731]:  SSL ECDH curve 'prime256v1'
>>>>>>>>>> lwsts[27731]:  SSL options 0x35A0004
>>>>>>>>>> lwsts[27731]: insert_wsi_socket_into_fds:
>>>>>>>>>> 0x7f33500451b0:
>>>>>>>>>> tsi=0,
>>>>>>>>>> sock=9, pos-in-fds=1
>>>>>>>>>> lwsts[27731]:  Listening on port 80
>>>>>>>>>> lwsts[27731]:  LWS_MAX_EXTENSIONS_ACTIVE: 2
>>>>>>>>>> lwsts[27731]:  mem: per-conn:          512 bytes +
>>>>>>>>>> protocol
>>>>>>>>>> rx
>>>>>>>>> buf
>>>>>>>>>> lwsts[27731]:  canonical_hostname = ubuntu
>>>>>>>>>> lwsts[27731]: lws_protocol_init
>>>>>>>>>> lwsts[27731]: fd=9, revents=1
>>>>>>>>>> lwsts[27731]: accepted new conn  port 55677 on fd=10
>>>>>>>>>> lwsts[27731]: Accepted 0x7f3350047030 to tsi 0
>>>>>>>>>> lwsts[27731]: lws_set_timeout: 0x7f3350047030: 5 secs
>>>>>>>>>> lwsts[27731]: insert_wsi_socket_into_fds:
>>>>>>>>>> 0x7f3350047030:
>>>>>>>>>> tsi=0,
>>>>>>>>>> sock=10, pos-in-fds=2
>>>>>>>>>> lwsts[27731]: lws_set_timeout: 0x7f3350047030: 5 secs
>>>>>>>>>> lwsts[27731]: inserted SSL accept into fds, trying
>>>>>>>>>> SSL_accept
>>>>>>>>>> lwsts[27731]: SSL_accept failed 1 /
>>>>>>>>>> error:00000001:lib(0):func(0):reason(1)
>>>>>>>>>> lwsts[27731]: SSL_accept failed skt 10:
>>>>>>>>>> error:00000001:lib(0):func(0):reason(1)
>>>>>>>>>> lwsts[27731]: *** error:1407609C:SSL
>>>>>>>>>> 
>>>>>>>>> routines:SSL23_GET_CLIENT_HELLO:httproutines:SSL23_GET_
>>>>>>>>> CLIE
>>>>>>>>> NT_H
>>>>>>>>> ELLO
>>>>>>>>> :h
>>>>>>>>>> ttp request
>>>>>>>>>> lwsts[27731]: lws_adopt_socket_vhost: fail ssl
>>>>>>>>>> negotiation
>>>>>>>>>> lwsts[27731]: lws_close_free_wsi: shutting down
>>>>>>>>>> connection:
>>>>>>>>>> 0x7f3350047030 (sock 10, state 0)
>>>>>>>>>> lwsts[27731]: lws_set_timeout: 0x7f3350047030: 5 secs
>>>>>>>>>> lwsts[27731]: fd=10, revents=17
>>>>>>>>>> lwsts[27731]: SSL_accept failed 1 /
>>>>>>>>>> error:00000001:lib(0):func(0):reason(1)
>>>>>>>>>> lwsts[27731]: SSL_accept failed skt 10:
>>>>>>>>>> error:00000001:lib(0):func(0):reason(1)
>>>>>>>>>> lwsts[27731]: *** error:1407609C:SSL
>>>>>>>>>> routines:SSL23_GET_CLIENT_HELLO:http request
>>>>>>>>>> lwsts[27731]: lws_close_free_wsi: real
>>>>>>>>>> just_kill_connection:
>>>>>>>>>> 0x7f3350047030 (sockfd 10)
>>>>>>>>>> lwsts[27731]: remove_wsi_socket_from_fds: removing
>>>>>>>>>> same
>>>>>>>>>> prot
>>>>>>>>>> wsi
>>>>>>>>>> 0x7f3350047030
>>>>>>>>>> lwsts[27731]: remove_wsi_socket_from_fds:
>>>>>>>>>> wsi=0x7f3350047030,
>>>>>>>>>> sock=10, fds pos=2, end guy pos=3, endfd=0
>>>>>>>>>> lwsts[27731]: not calling back closed mode=6 state=0
>>>>>>>>>> lwsts[27731]: ah det due to close
>>>>>>>>>> lwsts[27731]: lws_header_table_detach: wsi
>>>>>>>>>> 0x7f3350047030: ah
>>>>>>>>> (nil)
>>>>>>>>>> (tsi=0, count = 0)
>>>>>>>>>> lwsts[27731]: lws_header_table_detach: wsi
>>>>>>>>>> 0x7f3350047030: ah
>>>>>>>>> (nil)
>>>>>>>>>> (tsi=0, count = 0)
>>>>>>>>>> lwsts[27731]: lws_free_wsi: 0x7f3350047030, remaining
>>>>>>>>>> wsi
>>>>>>>>>> 1
>>>>>>>>>> lwsts[27731]: fd=9, revents=1
>>>>>>>>>> lwsts[27731]: accepted new conn  port 55680 on fd=10
>>>>>>>>>> lwsts[27731]: Accepted 0x7f3350047030 to tsi 0
>>>>>>>>>> lwsts[27731]: lws_set_timeout: 0x7f3350047030: 5 secs
>>>>>>>>>> lwsts[27731]: insert_wsi_socket_into_fds:
>>>>>>>>>> 0x7f3350047030:
>>>>>>>>>> tsi=0,
>>>>>>>>>> sock=10, pos-in-fds=2
>>>>>>>>>> lwsts[27731]: lws_set_timeout: 0x7f3350047030: 5 secs
>>>>>>>>>> lwsts[27731]: inserted SSL accept into fds, trying
>>>>>>>>>> SSL_accept
>>>>>>>>>> lwsts[27731]: SSL_accept failed 1 /
>>>>>>>>>> error:00000001:lib(0):func(0):reason(1)
>>>>>>>>>> lwsts[27731]: SSL_accept failed skt 10:
>>>>>>>>>> error:00000001:lib(0):func(0):reason(1)
>>>>>>>>>> lwsts[27731]: *** error:1407609C:SSL
>>>>>>>>>> routines:SSL23_GET_CLIENT_HELLO:http request
>>>>>>>>>> lwsts[27731]: lws_adopt_socket_vhost: fail ssl
>>>>>>>>>> negotiation
>>>>>>>>>> lwsts[27731]: lws_close_free_wsi: shutting down
>>>>>>>>>> connection:
>>>>>>>>>> 0x7f3350047030 (sock 10, state 0)
>>>>>>>>>> lwsts[27731]: lws_set_timeout: 0x7f3350047030: 5 secs
>>>>>>>>>> lwsts[27731]: fd=10, revents=17
>>>>>>>>>> lwsts[27731]: SSL_accept failed 1 /
>>>>>>>>>> error:00000001:lib(0):func(0):reason(1)
>>>>>>>>>> lwsts[27731]: SSL_accept failed skt 10:
>>>>>>>>>> error:00000001:lib(0):func(0):reason(1)
>>>>>>>>>> lwsts[27731]: *** error:1407609C:SSL
>>>>>>>>>> routines:SSL23_GET_CLIENT_HELLO:http request
>>>>>>>>>> lwsts[27731]: lws_close_free_wsi: real
>>>>>>>>>> just_kill_connection:
>>>>>>>>>> 0x7f3350047030 (sockfd 10)
>>>>>>>>>> lwsts[27731]: remove_wsi_socket_from_fds: removing
>>>>>>>>>> same
>>>>>>>>>> prot
>>>>>>>>>> wsi
>>>>>>>>>> 0x7f3350047030
>>>>>>>>>> lwsts[27731]: remove_wsi_socket_from_fds:
>>>>>>>>>> wsi=0x7f3350047030,
>>>>>>>>>> sock=10, fds pos=2, end guy pos=3, endfd=0
>>>>>>>>>> lwsts[27731]: not calling back closed mode=6 state=0
>>>>>>>>>> lwsts[27731]: ah det due to close
>>>>>>>>>> lwsts[27731]: lws_header_table_detach: wsi
>>>>>>>>>> 0x7f3350047030: ah
>>>>>>>>> (nil)
>>>>>>>>>> (tsi=0, count = 0)
>>>>>>>>>> lwsts[27731]: lws_header_table_detach: wsi
>>>>>>>>>> 0x7f3350047030: ah
>>>>>>>>> (nil)
>>>>>>>>>> (tsi=0, count = 0)
>>>>>>>>>> lwsts[27731]: lws_free_wsi: 0x7f3350047030, remaining
>>>>>>>>>> wsi
>>>>>>>>>> 1
>>>>>>>>>> lwsts[27731]: fd=9, revents=1
>>>>>>>>>> lwsts[27731]: accepted new conn  port 55683 on fd=10
>>>>>>>>>> lwsts[27731]: Accepted 0x7f3350047030 to tsi 0
>>>>>>>>>> lwsts[27731]: lws_set_timeout: 0x7f3350047030: 5 secs
>>>>>>>>>> lwsts[27731]: insert_wsi_socket_into_fds:
>>>>>>>>>> 0x7f3350047030:
>>>>>>>>>> tsi=0,
>>>>>>>>>> sock=10, pos-in-fds=2
>>>>>>>>>> lwsts[27731]: lws_set_timeout: 0x7f3350047030: 5 secs
>>>>>>>>>> lwsts[27731]: inserted SSL accept into fds, trying
>>>>>>>>>> SSL_accept
>>>>>>>>>> lwsts[27731]: SSL_accept failed 2 /
>>>>>>>>>> error:00000002:lib(0):func(0):system lib
>>>>>>>>>> lwsts[27731]: SSL_ERROR_WANT_READ
>>>>>>>>>> lwsts[27731]: lws_header_table_attach: wsi
>>>>>>>>>> 0x7f3350047030: ah
>>>>>>>>> (nil)
>>>>>>>>>> (tsi 0, count = 0) in
>>>>>>>>>> lwsts[27731]: lws_header_table_attach: wsi
>>>>>>>>>> 0x7f3350047030: ah
>>>>>>>>>> 0x7f3350012d20: count 1 (on exit)
>>>>>>>>>> lwsts[27731]: Attached ah immediately
>>>>>>>>>> lwsts[27731]: fd=10, revents=1
>>>>>>>>>> lwsts[27731]: SSL_accept failed 1 /
>>>>>>>>>> error:00000001:lib(0):func(0):reason(1)
>>>>>>>>>> lwsts[27731]: SSL_accept failed skt 10:
>>>>>>>>>> error:00000001:lib(0):func(0):reason(1)
>>>>>>>>>> lwsts[27731]: *** error:1407609C:SSL
>>>>>>>>>> routines:SSL23_GET_CLIENT_HELLO:http request
>>>>>>>>>> lwsts[27731]: lws_close_free_wsi: shutting down
>>>>>>>>>> connection:
>>>>>>>>>> 0x7f3350047030 (sock 10, state 0)
>>>>>>>>>> lwsts[27731]: lws_set_timeout: 0x7f3350047030: 5 secs
>>>>>>>>>> lwsts[27731]: fd=10, revents=1
>>>>>>>>>> lwsts[27731]: SSL_accept failed 1 /
>>>>>>>>>> error:00000001:lib(0):func(0):reason(1)
>>>>>>>>>> lwsts[27731]: SSL_accept failed skt 10:
>>>>>>>>>> error:00000001:lib(0):func(0):reason(1)
>>>>>>>>>> lwsts[27731]: *** error:1407609C:SSL
>>>>>>>>>> routines:SSL23_GET_CLIENT_HELLO:http request
>>>>>>>>>> lwsts[27731]: lws_close_free_wsi: real
>>>>>>>>>> just_kill_connection:
>>>>>>>>>> 0x7f3350047030 (sockfd 10)
>>>>>>>>>> lwsts[27731]: remove_wsi_socket_from_fds: removing
>>>>>>>>>> same
>>>>>>>>>> prot
>>>>>>>>>> wsi
>>>>>>>>>> 0x7f3350047030
>>>>>>>>>> lwsts[27731]: remove_wsi_socket_from_fds:
>>>>>>>>>> wsi=0x7f3350047030,
>>>>>>>>>> sock=10, fds pos=2, end guy pos=3, endfd=0
>>>>>>>>>> lwsts[27731]: not calling back closed mode=6 state=0
>>>>>>>>>> lwsts[27731]: ah det due to close
>>>>>>>>>> lwsts[27731]: lws_header_table_detach: wsi
>>>>>>>>>> 0x7f3350047030: ah
>>>>>>>>>> 0x7f3350012d20 (tsi=0, count = 1)
>>>>>>>>>> lwsts[27731]: lws_header_table_detach: wsi
>>>>>>>>>> 0x7f3350047030: ah
>>>>>>>>>> 0x7f3350012d20 (tsi=0, count = 0)
>>>>>>>>>> lwsts[27731]: lws_free_wsi: 0x7f3350047030, remaining
>>>>>>>>>> wsi
>>>>>>>>>> 1
>>>>>>>>>> 
>>>>>>>>>> I have no clue whats going on. Any hint is very much
>>>>>>>>>> helpful.
>>>>>>>>>> 
>>>>>>>>>> Thank you.
>>>>>>>>>> 
>>>>>>>>>> --
>>>>>>>>>> Gowtham
>>>>>>>>>> _______________________________________________
>>>>>>>>>> Libwebsockets mailing list
>>>>>>>>>> Libwebsockets at ml.libwebsockets.org
>>>>>>>>>> http://libwebsockets.org/mailman/listinfo/libwebsocke
>>>>>>>>>> ts
>> 
>> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://libwebsockets.org/pipermail/libwebsockets/attachments/20161205/20ab9a3a/attachment-0001.html>


More information about the Libwebsockets mailing list