[Libwebsockets] error when ssl enabled

Andy Green andy at warmcat.com
Mon Dec 5 13:33:32 CET 2016



On December 5, 2016 8:21:13 PM GMT+08:00, satya gowtham kudupudi <satyagowtham.k at gmail.com> wrote:

>Ok. I will fix my code. But I want to use my certificates. I made my

The certs lws generated work, right?

You can see how they are generated in CMakelists.txt.

Certs I bought from an official CA work, because I use them with lwsws, and eg, https://libwebsockets.org works fine.  I mean visit it, it works, right?  They were the cheapest official certs I could find.

So debug your problem with your certs of unknown provanance yourself.  If you identify a problem in lws I'm happy to look at it.  Otherwise, bon chance.

-Andy

>browser to trust my certificates.
>But server says
>lwsts[29686]: lws_protocol_init
>lwsts[29686]: SNI: Unknown ServerName: ubuntu.local
>lwsts[29686]: SSL_accept failed skt 10:
>error:00000001:lib(0):func(0):reason(1)
>lwsts[29686]: *** error:14094416:SSL routines:ssl3_read_bytes:sslv3
>alert certificate unknown
>lwsts[29686]: SSL_accept failed skt 10:
>error:00000006:lib(0):func(0):EVP lib
>
>> On 05-Dec-2016, at 5:38 PM, Andy Green <andy at warmcat.com> wrote:
>> 
>> On Mon, 2016-12-05 at 17:36 +0530, satya gowtham kudupudi wrote:
>>> libwebsockets-test-server --ssl ran exceptionally well
>>> libwebsockets-test-server.pem and libwebsockets-test-server.key.pem
>>> With my custom server are working. I have changed port form 80 to
>>> 443. Now https://ubuntu.local is loading. But however for resources
>>> referred with in index.html, like .css,.png,.js etc. browser says 
>> 
>> Test server doesn't have that problem, right?
>> 
>> You have the test server, right?
>> 
>> Debug your own code then...
>> 
>> -Andy
>> 
>>> Failed to load resource: cannot parse response. Below is the log
>from
>>> my custom server after using the libwebsockets' pem files.
>>> 
>>> [2016/12/05 17:34:06:1347] NOTICE: Built to support server
>operations
>>> lwsts[28492]: libwebsockets test server - license LGPL2.1+SLE
>>> lwsts[28492]: (C) Copyright 2010-2016 Andy Green <andy at warmcat.com>
>>> lwsts[28492]: Running in server mode
>>> lwsts[28492]: Initial logging level 7
>>> lwsts[28492]: Libwebsockets version: 2.1.0
>gowtham at ubuntu-v2.0.0-170-
>>> g7355750
>>> lwsts[28492]: IPV6 not compiled in
>>> lwsts[28492]: libev support not compiled in
>>> lwsts[28492]: libuv support not compiled in
>>> lwsts[28492]:  Threads: 1 each 1024 fds
>>> lwsts[28492]:  mem: platform fd map:  8192 bytes
>>> lwsts[28492]:  Compiled with OpenSSL support
>>> [2016-12-05 17:34:06 NTC run]: waiting for a connection on 9271 ...
>>> lwsts[28492]: Creating Vhost 'default' port 443, 2 protocols, IPv6
>>> off
>>> lwsts[28492]:  SSL ciphers:
>'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-
>>> AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-
>>>
>SHA384:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4:!HMAC_SHA1:!SHA
>>>
>1:!DHE-RSA-AES128-GCM-SHA256:!DHE-RSA-AES128-SHA256:!AES128-GCM-SHA25
>>> lwsts[28492]:  Using SSL mode
>>> lwsts[28492]:  SSL ECDH curve 'prime256v1'
>>> lwsts[28492]:  Listening on port 443
>>> lwsts[28492]:  mem: per-conn:          512 bytes + protocol rx buf
>>> lwsts[28492]:  canonical_hostname = ubuntu
>>> lwsts[28492]: lws_protocol_init
>>> lwsts[28492]: SNI: Unknown ServerName: ubuntu.local
>>>     GET URI /
>>>     Host ubuntu.local
>>>     Connection keep-alive
>>>     Extensions HTTP/1.1
>>>     Nonce
>>> text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
>>>     Accept-Encoding: gzip, deflate
>>>     Accept-Language: en-us
>>>     Cache-Control: max-age=0
>>>     Cookie: session_id=1
>>>     GET URI /css/app.css
>>>     Host ubuntu.local
>>>     Connection keep-alive
>>>     Extensions HTTP/1.1
>>>     Nonce text/css,*/*;q=0.1
>>>     Accept-Encoding: gzip, deflate
>>>     Accept-Language: en-us
>>>     Cache-Control: max-age=0
>>>     Cookie: session_id=1; session_id=1
>>>     Referer: https://ubuntu.local/
>>> lwsts[28492]: SNI: Unknown ServerName: ubuntu.local
>>>     GET URI /js/main.js
>>>     Host ubuntu.local
>>>     Connection keep-alive
>>>     Extensions HTTP/1.1
>>>     Nonce */*
>>>     Accept-Encoding: gzip, deflate
>>>     Accept-Language: en-us
>>>     Cache-Control: max-age=0
>>>     Cookie: session_id=1; session_id=1
>>>     Referer: https://ubuntu.local/
>>> 
>>>> On 05-Dec-2016, at 4:11 PM, Andy Green <andy at warmcat.com> wrote:
>>>> 
>>>> On Mon, 2016-12-05 at 16:04 +0530, satya gowtham kudupudi wrote:
>>>>> I could able to help only one guy; and did it till he got through
>>>>> it.
>>>> 
>>>> Did you read my email?
>>>> 
>>>>> Here is the complete log. Please help get me through this. I will
>>>>> definitely spare time for the community.
>>>> 
>>>> Yeah, right.
>>>> 
>>>>> [2016/12/05 14:35:50:6828] NOTICE: Built to support server
>>>>> operations
>>>>> [2016-12-05 14:35:50 NTC run]: waiting for a connection on 9271
>>>>> ...
>>>> 
>>>> Just run the unchanged lws test server and repeat the steps I
>>>> listed.
>>>> 
>>>> What does it do?
>>>> 
>>>> -Andy
>>>> 
>>>>> lwsts[27892]: libwebsockets test server - license LGPL2.1+SLE
>>>>> lwsts[27892]: (C) Copyright 2010-2016 Andy Green <andy at warmcat.co
>>>>> m>
>>>>> lwsts[27892]: Running in server mode
>>>>> lwsts[27892]: Initial logging level 65535
>>>>> lwsts[27892]: Libwebsockets version: 2.1.0 gowtham at ubuntu-v2.0.0-
>>>>> 170-
>>>>> g7355750
>>>>> lwsts[27892]: IPV6 not compiled in
>>>>> lwsts[27892]: libev support not compiled in
>>>>> lwsts[27892]: libuv support not compiled in
>>>>> lwsts[27892]:  LWS_DEF_HEADER_LEN    : 4096
>>>>> lwsts[27892]:  LWS_MAX_PROTOCOLS     : 5
>>>>> lwsts[27892]:  LWS_MAX_SMP           : 32
>>>>> lwsts[27892]:  SPEC_LATEST_SUPPORTED : 13
>>>>> lwsts[27892]:  sizeof (*info)        : 320
>>>>> lwsts[27892]:  SYSTEM_RANDOM_FILEPATH: '/dev/urandom'
>>>>> lwsts[27892]:  default timeout (secs): 5
>>>>> lwsts[27892]:  Threads: 1 each 1024 fds
>>>>> lwsts[27892]:  mem: context:          9272 bytes (5176 ctx + (1
>>>>> thr x
>>>>> 4096))
>>>>> lwsts[27892]:  mem: http hdr rsvd:   122880 bytes (1 thr x (4096
>>>>> +
>>>>> 3584) x 16))
>>>>> lwsts[27892]:  mem: pollfd map:       8192
>>>>> lwsts[27892]:  mem: platform fd map:  8192 bytes
>>>>> lwsts[27892]:  Compiled with OpenSSL support
>>>>> lwsts[27892]: Creating Vhost 'default' port 80, 2 protocols, IPv6
>>>>> off
>>>>> lwsts[27892]:  SSL ciphers: 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-
>>>>> RSA-
>>>>> AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-
>>>>> SHA384:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4:!HMAC_SHA1:
>>>>> !SHA
>>>>> 1:!DHE-RSA-AES128-GCM-SHA256:!DHE-RSA-AES128-SHA256:!AES128-GCM-
>>>>> SHA25
>>>>> lwsts[27892]:  Using SSL mode
>>>>> lwsts[27892]:  SSL ECDH curve 'prime256v1'
>>>>> lwsts[27892]:  SSL options 0x35A0004
>>>>> lwsts[27892]: insert_wsi_socket_into_fds: 0x7f9ffc0451b0: tsi=0,
>>>>> sock=9, pos-in-fds=1
>>>>> lwsts[27892]:  Listening on port 80
>>>>> lwsts[27892]:  LWS_MAX_EXTENSIONS_ACTIVE: 2
>>>>> lwsts[27892]:  mem: per-conn:          512 bytes + protocol rx
>>>>> buf
>>>>> lwsts[27892]:  canonical_hostname = ubuntu
>>>>> lwsts[27892]: lws_protocol_init
>>>>> lwsts[27892]: fd=9, revents=1
>>>>> lwsts[27892]: accepted new conn  port 59792 on fd=10
>>>>> lwsts[27892]: Accepted 0x7f9ffc047030 to tsi 0
>>>>> lwsts[27892]: lws_set_timeout: 0x7f9ffc047030: 5 secs
>>>>> lwsts[27892]: insert_wsi_socket_into_fds: 0x7f9ffc047030: tsi=0,
>>>>> sock=10, pos-in-fds=2
>>>>> lwsts[27892]: lws_set_timeout: 0x7f9ffc047030: 5 secs
>>>>> lwsts[27892]: inserted SSL accept into fds, trying SSL_accept
>>>>> lwsts[27892]: SSL_accept failed 2 /
>>>>> error:00000002:lib(0):func(0):system lib
>>>>> lwsts[27892]: SSL_ERROR_WANT_READ
>>>>> lwsts[27892]: lws_header_table_attach: wsi 0x7f9ffc047030: ah
>>>>> (nil)
>>>>> (tsi 0, count = 0) in
>>>>> lwsts[27892]: lws_header_table_attach: wsi 0x7f9ffc047030: ah
>>>>> 0x7f9ffc012d20: count 1 (on exit)
>>>>> lwsts[27892]: Attached ah immediately
>>>>> lwsts[27892]: fd=10, revents=1
>>>>> lwsts[27892]: SNI: Unknown ServerName: ubuntu.local
>>>>> lwsts[27892]: SSL_accept failed 2 /
>>>>> error:00000002:lib(0):func(0):system lib
>>>>> lwsts[27892]: SSL_ERROR_WANT_READ
>>>>> lwsts[27892]: fd=10, revents=1
>>>>> lwsts[27892]: SSL_accept failed 1 /
>>>>> error:00000001:lib(0):func(0):reason(1)
>>>>> lwsts[27892]: SSL_accept failed skt 10:
>>>>> error:00000001:lib(0):func(0):reason(1)
>>>>> lwsts[27892]: *** error:14094418:SSL
>>>>> routines:ssl3_read_bytes:tlsv1
>>>>> alert unknown ca
>>>>> lwsts[27892]: lws_close_free_wsi: shutting down connection:
>>>>> 0x7f9ffc047030 (sock 10, state 0)
>>>>> lwsts[27892]: lws_set_timeout: 0x7f9ffc047030: 5 secs
>>>>> lwsts[27892]: fd=10, revents=17
>>>>> lwsts[27892]: SSL_accept failed 6 /
>>>>> error:00000006:lib(0):func(0):EVP
>>>>> lib
>>>>> lwsts[27892]: SSL_accept failed skt 10:
>>>>> error:00000006:lib(0):func(0):EVP lib
>>>>> lwsts[27892]: lws_close_free_wsi: real just_kill_connection:
>>>>> 0x7f9ffc047030 (sockfd 10)
>>>>> lwsts[27892]: remove_wsi_socket_from_fds: removing same prot wsi
>>>>> 0x7f9ffc047030
>>>>> lwsts[27892]: remove_wsi_socket_from_fds: wsi=0x7f9ffc047030,
>>>>> sock=10, fds pos=2, end guy pos=3, endfd=0
>>>>> lwsts[27892]: not calling back closed mode=6 state=0
>>>>> lwsts[27892]: ah det due to close
>>>>> lwsts[27892]: lws_header_table_detach: wsi 0x7f9ffc047030: ah
>>>>> 0x7f9ffc012d20 (tsi=0, count = 1)
>>>>> lwsts[27892]: lws_header_table_detach: wsi 0x7f9ffc047030: ah
>>>>> 0x7f9ffc012d20 (tsi=0, count = 0)
>>>>> lwsts[27892]: lws_free_wsi: 0x7f9ffc047030, remaining wsi 1
>>>>> 
>>>>>> On 05-Dec-2016, at 3:43 PM, Andy Green <andy at warmcat.com>
>>>>>> wrote:
>>>>>> 
>>>>>> On Mon, 2016-12-05 at 14:39 +0530, satya gowtham kudupudi
>>>>>> wrote:
>>>>>> 
>>>>>>> When I try to visit https://ubuntu.local:80 server prints
>>>>>> 
>>>>>> Ah who knows... you snipped the log that says how it's set up.
>>>>>> 
>>>>>> It's pointless anyway, nobody has your changed sources except
>>>>>> you.
>>>>>>  And
>>>>>> it's true for each person with changed sources only they have:
>>>>>> *nobody
>>>>>> else cares about whether they work or are broken except you*.
>>>>>>  Just
>>>>>> like you didn't care about the last guy using lws with some
>>>>>> problem
>>>>>> he
>>>>>> had caused himself.  (I know.. when it's your problem it's
>>>>>> different. 
>>>>>> But it isn't.)
>>>>>> 
>>>>>> If lws is broken or should do something better... it's up to
>>>>>> you to
>>>>>> show that's the case, usually using the test server or client
>>>>>> as a
>>>>>> reference we both have.  If it's not the case then your problem
>>>>>> exists
>>>>>> inbetween my working example apps you started with and the
>>>>>> modifications that you did to them.  That's *your* problem
>>>>>> (unless
>>>>>> you
>>>>>> can show it is my problem, in lws, in which case I will fix
>>>>>> it).
>>>>>> 
>>>>>> Just use the plain test server that's provided with lws.  I
>>>>>> just
>>>>>> did it
>>>>>> here, you should get the same result.
>>>>>> 
>>>>>> 1) $ libwebsockets-test-server --ssl
>>>>>> 
>>>>>> 2) In a browser
>>>>>> 
>>>>>> https://localhost:7681
>>>>>> 
>>>>>> 3) Browser says "Not secure, self signed Cert".  Lws creates
>>>>>> some
>>>>>> unique selfsigned certs for testing purposes when you run
>>>>>> cmake.
>>>>>> 
>>>>>> 4) You click advanced or override and / or add security
>>>>>> exception
>>>>>> whatever, to say the selfsigned cert is OK
>>>>>> 
>>>>>> 5) Test server content appears in browser
>>>>>> 
>>>>>> Put your code on one side and try to repeat that using the test
>>>>>> server
>>>>>> + certs.
>>>>>> 
>>>>>> Here is the logging from when I ran it for reference:
>>>>>> 
>>>>>> ```
>>>>>> $ libwebsockets-test-server --ssl
>>>>>> lwsts[8423]: libwebsockets test server - license LGPL2.1+SLE
>>>>>> lwsts[8423]: (C) Copyright 2010-2016 Andy Green <andy at warmcat.c
>>>>>> om>
>>>>>> Using resource path "/usr/share/libwebsockets-test-server"
>>>>>> lwsts[8423]: Initial logging level 7
>>>>>> lwsts[8423]: Libwebsockets version: 2.1.0 agreen at build-v2.0.0-1
>>>>>> 96-g
>>>>>> fdab
>>>>>> d95
>>>>>> lwsts[8423]: IPV6 not compiled in
>>>>>> lwsts[8423]: libev support not compiled in
>>>>>> lwsts[8423]: libuv support compiled in but disabled
>>>>>> lwsts[8423]:  Threads: 1 each 1024 fds
>>>>>> lwsts[8423]:  mem: platform fd map:  8192 bytes
>>>>>> lwsts[8423]:  Compiled with OpenSSL support
>>>>>> lwsts[8423]: Creating Vhost 'default' port 7681, 5 protocols,
>>>>>> IPv6
>>>>>> off
>>>>>> lwsts[8423]:  SSL ciphers: 'ECDHE-ECDSA-AES256-GCM-
>>>>>> SHA384:ECDHE-
>>>>>> RSA-
>>>>>> AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-
>>>>>> SHA384:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4:!HMAC_SHA
>>>>>> 1:!S
>>>>>> HA1:
>>>>>> !DHE-RSA-AES128-GCM-SHA256:!DHE-RSA-AES128-SHA256:!AES128-GCM-
>>>>>> SHA25
>>>>>> lwsts[8423]:  Using SSL mode
>>>>>> lwsts[8423]:  SSL ECDH curve 'prime256v1'
>>>>>> lwsts[8423]:  Listening on port 7681
>>>>>> lwsts[8423]:  mem: per-conn:          720 bytes + protocol rx
>>>>>> buf
>>>>>> lwsts[8423]:  canonical_hostname = build
>>>>>> lwsts[8423]: lws_protocol_init
>>>>>> lwsts[8423]: Accepted wsi 0xed9a70 to context 0xe896f0, tsi 0
>>>>>> lwsts[8423]: SNI: Unknown ServerName: localhost
>>>>>> lwsts[8423]: lws_server_socket_service: wsi 0xed9a70 read -1
>>>>>> lwsts[8423]: Accepted wsi 0xeed610 to context 0xe896f0, tsi 0
>>>>>> lwsts[8423]: SNI: Unknown ServerName: localhost
>>>>>> lwsts[8423]: 127.0.0.1 - - [05/Dec/2016:18:03:36 +0800] "GET /
>>>>>> http/1.1" 200 20886 Mozilla/5.0 (X11; Fedora; Linux x86_64;
>>>>>> rv:50.0)
>>>>>> Gecko/20100101 Firefox/50.0
>>>>>> lwsts[8423]: 127.0.0.1 - - [05/Dec/2016:18:03:36 +0800] "GET
>>>>>> /lws-
>>>>>> common.js http/1.1" 200 3336 Mozilla/5.0 (X11; Fedora; Linux
>>>>>> x86_64;
>>>>>> rv:50.0) Gecko/20100101 Firefox/50.0
>>>>>> lwsts[8423]: 127.0.0.1 - - [05/Dec/2016:18:03:36 +0800] "GET
>>>>>> /libwebsockets.org-logo.png http/1.1" 200 7232 Mozilla/5.0
>>>>>> (X11;
>>>>>> Fedora; Linux x86_64; rv:50.0) Gecko/20100101 Firefox/50.0
>>>>>> lwsts[8423]: 127.0.0.1 - - [05/Dec/2016:18:03:37 +0800] "GET
>>>>>> /favicon.ico http/1.1" 200 1612 Mozilla/5.0 (X11; Fedora; Linux
>>>>>> x86_64;
>>>>>> rv:50.0) Gecko/20100101 Firefox/50.0
>>>>>> lwsts[8423]: Accepted wsi 0xeda330 to context 0xe896f0, tsi 0
>>>>>> lwsts[8423]: SNI: Unknown ServerName: localhost
>>>>>>     get  = /xxx
>>>>>>     host: = localhost:7681
>>>>>>     connection: = keep-alive, Upgrade
>>>>>>     upgrade: = websocket
>>>>>>     origin: = https://localhost:7681
>>>>>>     sec-websocket-extensions: = permessage-deflate
>>>>>>     sec-websocket-protocol: = dumb-increment-protocol
>>>>>>     http/1.1  = HTTP/1.1
>>>>>>     accept: =
>>>>>> text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
>>>>>>     accept-encoding: = gzip, deflate, br
>>>>>>     accept-language: = en-US,en;q=0.5
>>>>>>     pragma: = no-cache
>>>>>>     cache-control: = no-cache
>>>>>>     cookie: = test=LWS_1480932216_877788_COOKIE
>>>>>>     sec-websocket-key: = 5DUsn/Y+0qH7uJTlU0EEIQ==
>>>>>>     sec-websocket-version: = 13
>>>>>>     user-agent: = Mozilla/5.0 (X11; Fedora; Linux x86_64;
>>>>>> rv:50.0)
>>>>>> Gecko/20100101 Firefox/50.0
>>>>>> lwsts[8423]:  permessage-deflate requires the protocol (dumb-
>>>>>> increment-
>>>>>> protocol) to have an RX buffer >= 128
>>>>>> lwsts[8423]: ext permessage-deflate failed construction
>>>>>> lwsts[8423]: 0xeda330 new partial sent 30 from 178 total
>>>>>> lwsts[8423]: 127.0.0.1 - - [05/Dec/2016:18:03:37 +0800] "GET
>>>>>> /favicon.ico http/1.1" 200 1612 Mozilla/5.0 (X11; Fedora; Linux
>>>>>> x86_64;
>>>>>> rv:50.0) Gecko/20100101 Firefox/50.0
>>>>>> lwsts[8423]: Accepted wsi 0xef73d0 to context 0xe896f0, tsi 0
>>>>>> lwsts[8423]: SNI: Unknown ServerName: localhost
>>>>>> lwsts[8423]:  Capping pmd rx to 128
>>>>>> lwsts[8423]: 0xef73d0 new partial sent 148 from 211 total
>>>>>> lwsts[8423]: cache_len 243
>>>>>> lwsts[8423]: 0xef73d0 new partial sent 148 from 207 total
>>>>>> lwsts[8423]: Accepted wsi 0xee1390 to context 0xe896f0, tsi 0
>>>>>> lwsts[8423]: SNI: Unknown ServerName: localhost
>>>>>>     get  = /xxx
>>>>>>     host: = localhost:7681
>>>>>>     connection: = keep-alive, Upgrade
>>>>>>     upgrade: = websocket
>>>>>>     origin: = https://localhost:7681
>>>>>>     sec-websocket-extensions: = permessage-deflate
>>>>>>     sec-websocket-protocol: = lws-mirror-protocol
>>>>>>     http/1.1  = HTTP/1.1
>>>>>>     accept: =
>>>>>> text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
>>>>>>     accept-encoding: = gzip, deflate, br
>>>>>>     accept-language: = en-US,en;q=0.5
>>>>>>     pragma: = no-cache
>>>>>>     cache-control: = no-cache
>>>>>>     cookie: = test=LWS_1480932216_877788_COOKIE
>>>>>>     sec-websocket-key: = u1dBJJLVlfeCMijDZ2pvIQ==
>>>>>>     sec-websocket-version: = 13
>>>>>>     user-agent: = Mozilla/5.0 (X11; Fedora; Linux x86_64;
>>>>>> rv:50.0)
>>>>>> Gecko/20100101 Firefox/50.0
>>>>>> lwsts[8423]:  Capping pmd rx to 128
>>>>>> lwsts[8423]: 0xee1390 new partial sent 148 from 220 total
>>>>>> ```
>>>>>> 
>>>>>> -Andy
>>>>>> 
>>>>>> 
>>>>>>> lwsts[27892]: fd=9, revents=1
>>>>>>> lwsts[27892]: accepted new conn  port 59792 on fd=10
>>>>>>> lwsts[27892]: Accepted 0x7f9ffc047030 to tsi 0
>>>>>>> lwsts[27892]: lws_set_timeout: 0x7f9ffc047030: 5 secs
>>>>>>> lwsts[27892]: insert_wsi_socket_into_fds: 0x7f9ffc047030:
>>>>>>> tsi=0,
>>>>>>> sock=10, pos-in-fds=2
>>>>>>> lwsts[27892]: lws_set_timeout: 0x7f9ffc047030: 5 secs
>>>>>>> lwsts[27892]: inserted SSL accept into fds, trying SSL_accept
>>>>>>> lwsts[27892]: SSL_accept failed 2 /
>>>>>>> error:00000002:lib(0):func(0):system lib
>>>>>>> lwsts[27892]: SSL_ERROR_WANT_READ
>>>>>>> lwsts[27892]: lws_header_table_attach: wsi 0x7f9ffc047030: ah
>>>>>>> (nil)
>>>>>>> (tsi 0, count = 0) in
>>>>>>> lwsts[27892]: lws_header_table_attach: wsi 0x7f9ffc047030: ah
>>>>>>> 0x7f9ffc012d20: count 1 (on exit)
>>>>>>> lwsts[27892]: Attached ah immediately
>>>>>>> lwsts[27892]: fd=10, revents=1
>>>>>>> lwsts[27892]: SNI: Unknown ServerName: ubuntu.local
>>>>>>> lwsts[27892]: SSL_accept failed 2 /
>>>>>>> error:00000002:lib(0):func(0):system lib
>>>>>>> lwsts[27892]: SSL_ERROR_WANT_READ
>>>>>>> lwsts[27892]: fd=10, revents=1
>>>>>>> lwsts[27892]: SSL_accept failed 1 /
>>>>>>> error:00000001:lib(0):func(0):reason(1)
>>>>>>> lwsts[27892]: SSL_accept failed skt 10:
>>>>>>> error:00000001:lib(0):func(0):reason(1)
>>>>>>> lwsts[27892]: *** error:14094418:SSL
>>>>>>> routines:ssl3_read_bytes:tlsv1
>>>>>>> alert unknown ca
>>>>>>> lwsts[27892]: lws_close_free_wsi: shutting down connection:
>>>>>>> 0x7f9ffc047030 (sock 10, state 0)
>>>>>>> lwsts[27892]: lws_set_timeout: 0x7f9ffc047030: 5 secs
>>>>>>> lwsts[27892]: fd=10, revents=17
>>>>>>> lwsts[27892]: SSL_accept failed 6 /
>>>>>>> error:00000006:lib(0):func(0):EVP
>>>>>>> lib
>>>>>>> lwsts[27892]: SSL_accept failed skt 10:
>>>>>>> error:00000006:lib(0):func(0):EVP lib
>>>>>>> lwsts[27892]: lws_close_free_wsi: real just_kill_connection:
>>>>>>> 0x7f9ffc047030 (sockfd 10)
>>>>>>> lwsts[27892]: remove_wsi_socket_from_fds: removing same prot
>>>>>>> wsi
>>>>>>> 0x7f9ffc047030
>>>>>>> lwsts[27892]: remove_wsi_socket_from_fds: wsi=0x7f9ffc047030,
>>>>>>> sock=10, fds pos=2, end guy pos=3, endfd=0
>>>>>>> lwsts[27892]: not calling back closed mode=6 state=0
>>>>>>> lwsts[27892]: ah det due to close
>>>>>>> lwsts[27892]: lws_header_table_detach: wsi 0x7f9ffc047030: ah
>>>>>>> 0x7f9ffc012d20 (tsi=0, count = 1)
>>>>>>> lwsts[27892]: lws_header_table_detach: wsi 0x7f9ffc047030: ah
>>>>>>> 0x7f9ffc012d20 (tsi=0, count = 0)
>>>>>>> lwsts[27892]: lws_free_wsi: 0x7f9ffc047030, remaining wsi 1
>>>>>>> 
>>>>>>> --
>>>>>>> Gowtham
>>>>>>>> On 05-Dec-2016, at 2:20 PM, Andy Green <andy at warmcat.com>
>>>>>>>> wrote:
>>>>>>>> 
>>>>>>>> On Mon, 2016-12-05 at 13:57 +0530, satya gowtham kudupudi
>>>>>>>> wrote:
>>>>>>>>> when I try to visit with SSL HTTPS protocol, nothing
>>>>>>>>> happens.
>>>>>>>>> Page
>>>>>>>>> doesn't load at browser and server prints nothing on the
>>>>>>>>> screen.
>>>>>>>> 
>>>>>>>> Mmm
>>>>>>>> 
>>>>>>>>> lwsts[27731]:  Listening on port 80
>>>>>>>> 
>>>>>>>> Are you telling it to listen on 443?  If you are still
>>>>>>>> listening on
>>>>>>>> port 80, just with SSL, you must visit https://ubuntu.local
>>>>>>>> :80
>>>>>>>> 
>>>>>>>>> When I try to visit with non-SSL HTTP protocol, I expect
>>>>>>>>> to
>>>>>>>>> redirect
>>>>>>>> to HTTPS.
>>>>>>>> 
>>>>>>>> Yeah.
>>>>>>>> 
>>>>>>>> Well you need to set that up if that's what you want.  You
>>>>>>>> tell
>>>>>>>> lws
>>>>>>>> to
>>>>>>>> listen on one port or another and it does that.  That's it.
>>>>>>>>  Apache
>>>>>>>> is
>>>>>>>> the same.
>>>>>>>> 
>>>>>>>> You need to add a second vhost listening on 80 to do that,
>>>>>>>> and
>>>>>>>> mount a
>>>>>>>> redirect to https://whatever there.  Your main SSL vhost
>>>>>>>> should
>>>>>>>> be
>>>>>>>> listening on 443.
>>>>>>>> 
>>>>>>>> -Andy
>>>>>>>> 
>>>>>>>> 
>>>>>>>>> On Mon, Dec 5, 2016 at 12:17 PM, Andy Green <andy at warmcat
>>>>>>>>> .com
>>>>>>>>> wrote:
>>>>>>>>>> On Mon, 2016-12-05 at 12:05 +0530, satya gowtham
>>>>>>>>>> kudupudi
>>>>>>>>>> wrote:
>>>>>>>>>>> Hi,
>>>>>>>>>>> 
>>>>>>>>>>> I have enabled ssl using -ssl option on my server
>>>>>>>>>>> that
>>>>>>>>>>> inherits
>>>>>>>>>> test-
>>>>>>>>>>> server. server is running at ubuntu.local. https://ub
>>>>>>>>>>> untu
>>>>>>>>>>> .loc
>>>>>>>>>>> al
>>>>>>>>>> don't
>>>>>>>>>>> generate any kind of log at the server but http://ubu
>>>>>>>>>>> ntu.
>>>>>>>>>>> loca
>>>>>>>>>>> l
>>>>>>>>>> has
>>>>>>>>>>> generates below log
>>>>>>>>>> 
>>>>>>>>>> Ehhh if I understand it, you have started an SSL server
>>>>>>>>>> and
>>>>>>>>>> then
>>>>>>>>>> visit
>>>>>>>>>> it using non-SSL http protocol?
>>>>>>>>>> 
>>>>>>>>>> What exactly were you expecting to happen?
>>>>>>>>>> 
>>>>>>>>>> -Andy
>>>>>>>>>> 
>>>>>>>>>> 
>>>>>>>>>>> lwsts[27731]: libwebsockets test server - license
>>>>>>>>>>> LGPL2.1+SLE
>>>>>>>>>>> lwsts[27731]: (C) Copyright 2010-2016 Andy Green <and
>>>>>>>>>>> y at wa
>>>>>>>>>>> rmca
>>>>>>>>>>> t.co
>>>>>>>>>> m>
>>>>>>>>>>> lwsts[27731]: Running in server mode
>>>>>>>>>>> lwsts[27731]: Initial logging level 65535
>>>>>>>>>>> lwsts[27731]: Libwebsockets version: 2.1.0 gowtham at ub
>>>>>>>>>>> untu
>>>>>>>>>>> -v2.
>>>>>>>>>>> 0.0-
>>>>>>>>>> 170-
>>>>>>>>>>> g7355750
>>>>>>>>>>> lwsts[27731]: IPV6 not compiled in
>>>>>>>>>>> lwsts[27731]: libev support not compiled in
>>>>>>>>>>> lwsts[27731]: libuv support not compiled in
>>>>>>>>>>> lwsts[27731]:  LWS_DEF_HEADER_LEN    : 4096
>>>>>>>>>>> lwsts[27731]:  LWS_MAX_PROTOCOLS     : 5
>>>>>>>>>>> lwsts[27731]:  LWS_MAX_SMP           : 32
>>>>>>>>>>> lwsts[27731]:  SPEC_LATEST_SUPPORTED : 13
>>>>>>>>>>> lwsts[27731]:  sizeof (*info)        : 320
>>>>>>>>>>> lwsts[27731]:  SYSTEM_RANDOM_FILEPATH: '/dev/urandom'
>>>>>>>>>>> lwsts[27731]:  default timeout (secs): 5
>>>>>>>>>>> lwsts[27731]:  Threads: 1 each 1024 fds
>>>>>>>>>>> lwsts[27731]:  mem: context:          9272 bytes
>>>>>>>>>>> (5176
>>>>>>>>>>> ctx +
>>>>>>>>>>> (1
>>>>>>>>>> thr x
>>>>>>>>>>> 4096))
>>>>>>>>>>> lwsts[27731]:  mem: http hdr rsvd:   122880 bytes (1
>>>>>>>>>>> thr
>>>>>>>>>>> x
>>>>>>>>>>> (4096
>>>>>>>>>> +
>>>>>>>>>>> 3584) x 16))
>>>>>>>>>>> lwsts[27731]:  mem: pollfd map:       8192
>>>>>>>>>>> lwsts[27731]:  mem: platform fd map:  8192 bytes
>>>>>>>>>>> lwsts[27731]:  Compiled with OpenSSL support
>>>>>>>>>>> lwsts[27731]: Creating Vhost 'default' port 80, 2
>>>>>>>>>>> protocols,
>>>>>>>>>>> IPv6
>>>>>>>>>> off
>>>>>>>>>> 
>>>>>>>>>> 
>>>>>>>>>> 
>>>>>>>>>>> lwsts[27731]:  SSL ciphers: 'ECDHE-ECDSA-AES256-GCM-
>>>>>>>>>>> SHA384:ECDHE-
>>>>>>>>>> RSA-
>>>>>>>>>>> AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-
>>>>>>>>>>> RSA-
>>>>>>>>>>> AES256-
>>>>>>>>>>> 
>>>>>>>>>> SHA384:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4:!
>>>>>>>>>> HMAC
>>>>>>>>>> _SHA
>>>>>>>>>> 1:!S
>>>>>>>>>> HA
>>>>>>>>>>> 1:!DHE-RSA-AES128-GCM-SHA256:!DHE-RSA-AES128-
>>>>>>>>>>> SHA256:!AES128-
>>>>>>>>>>> GCM-
>>>>>>>>>> SHA25
>>>>>>>>>>> lwsts[27731]:  Using SSL mode
>>>>>>>>>>> lwsts[27731]:  SSL ECDH curve 'prime256v1'
>>>>>>>>>>> lwsts[27731]:  SSL options 0x35A0004
>>>>>>>>>>> lwsts[27731]: insert_wsi_socket_into_fds:
>>>>>>>>>>> 0x7f33500451b0:
>>>>>>>>>>> tsi=0,
>>>>>>>>>>> sock=9, pos-in-fds=1
>>>>>>>>>>> lwsts[27731]:  Listening on port 80
>>>>>>>>>>> lwsts[27731]:  LWS_MAX_EXTENSIONS_ACTIVE: 2
>>>>>>>>>>> lwsts[27731]:  mem: per-conn:          512 bytes +
>>>>>>>>>>> protocol
>>>>>>>>>>> rx
>>>>>>>>>> buf
>>>>>>>>>>> lwsts[27731]:  canonical_hostname = ubuntu
>>>>>>>>>>> lwsts[27731]: lws_protocol_init
>>>>>>>>>>> lwsts[27731]: fd=9, revents=1
>>>>>>>>>>> lwsts[27731]: accepted new conn  port 55677 on fd=10
>>>>>>>>>>> lwsts[27731]: Accepted 0x7f3350047030 to tsi 0
>>>>>>>>>>> lwsts[27731]: lws_set_timeout: 0x7f3350047030: 5 secs
>>>>>>>>>>> lwsts[27731]: insert_wsi_socket_into_fds:
>>>>>>>>>>> 0x7f3350047030:
>>>>>>>>>>> tsi=0,
>>>>>>>>>>> sock=10, pos-in-fds=2
>>>>>>>>>>> lwsts[27731]: lws_set_timeout: 0x7f3350047030: 5 secs
>>>>>>>>>>> lwsts[27731]: inserted SSL accept into fds, trying
>>>>>>>>>>> SSL_accept
>>>>>>>>>>> lwsts[27731]: SSL_accept failed 1 /
>>>>>>>>>>> error:00000001:lib(0):func(0):reason(1)
>>>>>>>>>>> lwsts[27731]: SSL_accept failed skt 10:
>>>>>>>>>>> error:00000001:lib(0):func(0):reason(1)
>>>>>>>>>>> lwsts[27731]: *** error:1407609C:SSL
>>>>>>>>>>> 
>>>>>>>>>> routines:SSL23_GET_CLIENT_HELLO:httproutines:SSL23_GET_
>>>>>>>>>> CLIE
>>>>>>>>>> NT_H
>>>>>>>>>> ELLO
>>>>>>>>>> :h
>>>>>>>>>>> ttp request
>>>>>>>>>>> lwsts[27731]: lws_adopt_socket_vhost: fail ssl
>>>>>>>>>>> negotiation
>>>>>>>>>>> lwsts[27731]: lws_close_free_wsi: shutting down
>>>>>>>>>>> connection:
>>>>>>>>>>> 0x7f3350047030 (sock 10, state 0)
>>>>>>>>>>> lwsts[27731]: lws_set_timeout: 0x7f3350047030: 5 secs
>>>>>>>>>>> lwsts[27731]: fd=10, revents=17
>>>>>>>>>>> lwsts[27731]: SSL_accept failed 1 /
>>>>>>>>>>> error:00000001:lib(0):func(0):reason(1)
>>>>>>>>>>> lwsts[27731]: SSL_accept failed skt 10:
>>>>>>>>>>> error:00000001:lib(0):func(0):reason(1)
>>>>>>>>>>> lwsts[27731]: *** error:1407609C:SSL
>>>>>>>>>>> routines:SSL23_GET_CLIENT_HELLO:http request
>>>>>>>>>>> lwsts[27731]: lws_close_free_wsi: real
>>>>>>>>>>> just_kill_connection:
>>>>>>>>>>> 0x7f3350047030 (sockfd 10)
>>>>>>>>>>> lwsts[27731]: remove_wsi_socket_from_fds: removing
>>>>>>>>>>> same
>>>>>>>>>>> prot
>>>>>>>>>>> wsi
>>>>>>>>>>> 0x7f3350047030
>>>>>>>>>>> lwsts[27731]: remove_wsi_socket_from_fds:
>>>>>>>>>>> wsi=0x7f3350047030,
>>>>>>>>>>> sock=10, fds pos=2, end guy pos=3, endfd=0
>>>>>>>>>>> lwsts[27731]: not calling back closed mode=6 state=0
>>>>>>>>>>> lwsts[27731]: ah det due to close
>>>>>>>>>>> lwsts[27731]: lws_header_table_detach: wsi
>>>>>>>>>>> 0x7f3350047030: ah
>>>>>>>>>> (nil)
>>>>>>>>>>> (tsi=0, count = 0)
>>>>>>>>>>> lwsts[27731]: lws_header_table_detach: wsi
>>>>>>>>>>> 0x7f3350047030: ah
>>>>>>>>>> (nil)
>>>>>>>>>>> (tsi=0, count = 0)
>>>>>>>>>>> lwsts[27731]: lws_free_wsi: 0x7f3350047030, remaining
>>>>>>>>>>> wsi
>>>>>>>>>>> 1
>>>>>>>>>>> lwsts[27731]: fd=9, revents=1
>>>>>>>>>>> lwsts[27731]: accepted new conn  port 55680 on fd=10
>>>>>>>>>>> lwsts[27731]: Accepted 0x7f3350047030 to tsi 0
>>>>>>>>>>> lwsts[27731]: lws_set_timeout: 0x7f3350047030: 5 secs
>>>>>>>>>>> lwsts[27731]: insert_wsi_socket_into_fds:
>>>>>>>>>>> 0x7f3350047030:
>>>>>>>>>>> tsi=0,
>>>>>>>>>>> sock=10, pos-in-fds=2
>>>>>>>>>>> lwsts[27731]: lws_set_timeout: 0x7f3350047030: 5 secs
>>>>>>>>>>> lwsts[27731]: inserted SSL accept into fds, trying
>>>>>>>>>>> SSL_accept
>>>>>>>>>>> lwsts[27731]: SSL_accept failed 1 /
>>>>>>>>>>> error:00000001:lib(0):func(0):reason(1)
>>>>>>>>>>> lwsts[27731]: SSL_accept failed skt 10:
>>>>>>>>>>> error:00000001:lib(0):func(0):reason(1)
>>>>>>>>>>> lwsts[27731]: *** error:1407609C:SSL
>>>>>>>>>>> routines:SSL23_GET_CLIENT_HELLO:http request
>>>>>>>>>>> lwsts[27731]: lws_adopt_socket_vhost: fail ssl
>>>>>>>>>>> negotiation
>>>>>>>>>>> lwsts[27731]: lws_close_free_wsi: shutting down
>>>>>>>>>>> connection:
>>>>>>>>>>> 0x7f3350047030 (sock 10, state 0)
>>>>>>>>>>> lwsts[27731]: lws_set_timeout: 0x7f3350047030: 5 secs
>>>>>>>>>>> lwsts[27731]: fd=10, revents=17
>>>>>>>>>>> lwsts[27731]: SSL_accept failed 1 /
>>>>>>>>>>> error:00000001:lib(0):func(0):reason(1)
>>>>>>>>>>> lwsts[27731]: SSL_accept failed skt 10:
>>>>>>>>>>> error:00000001:lib(0):func(0):reason(1)
>>>>>>>>>>> lwsts[27731]: *** error:1407609C:SSL
>>>>>>>>>>> routines:SSL23_GET_CLIENT_HELLO:http request
>>>>>>>>>>> lwsts[27731]: lws_close_free_wsi: real
>>>>>>>>>>> just_kill_connection:
>>>>>>>>>>> 0x7f3350047030 (sockfd 10)
>>>>>>>>>>> lwsts[27731]: remove_wsi_socket_from_fds: removing
>>>>>>>>>>> same
>>>>>>>>>>> prot
>>>>>>>>>>> wsi
>>>>>>>>>>> 0x7f3350047030
>>>>>>>>>>> lwsts[27731]: remove_wsi_socket_from_fds:
>>>>>>>>>>> wsi=0x7f3350047030,
>>>>>>>>>>> sock=10, fds pos=2, end guy pos=3, endfd=0
>>>>>>>>>>> lwsts[27731]: not calling back closed mode=6 state=0
>>>>>>>>>>> lwsts[27731]: ah det due to close
>>>>>>>>>>> lwsts[27731]: lws_header_table_detach: wsi
>>>>>>>>>>> 0x7f3350047030: ah
>>>>>>>>>> (nil)
>>>>>>>>>>> (tsi=0, count = 0)
>>>>>>>>>>> lwsts[27731]: lws_header_table_detach: wsi
>>>>>>>>>>> 0x7f3350047030: ah
>>>>>>>>>> (nil)
>>>>>>>>>>> (tsi=0, count = 0)
>>>>>>>>>>> lwsts[27731]: lws_free_wsi: 0x7f3350047030, remaining
>>>>>>>>>>> wsi
>>>>>>>>>>> 1
>>>>>>>>>>> lwsts[27731]: fd=9, revents=1
>>>>>>>>>>> lwsts[27731]: accepted new conn  port 55683 on fd=10
>>>>>>>>>>> lwsts[27731]: Accepted 0x7f3350047030 to tsi 0
>>>>>>>>>>> lwsts[27731]: lws_set_timeout: 0x7f3350047030: 5 secs
>>>>>>>>>>> lwsts[27731]: insert_wsi_socket_into_fds:
>>>>>>>>>>> 0x7f3350047030:
>>>>>>>>>>> tsi=0,
>>>>>>>>>>> sock=10, pos-in-fds=2
>>>>>>>>>>> lwsts[27731]: lws_set_timeout: 0x7f3350047030: 5 secs
>>>>>>>>>>> lwsts[27731]: inserted SSL accept into fds, trying
>>>>>>>>>>> SSL_accept
>>>>>>>>>>> lwsts[27731]: SSL_accept failed 2 /
>>>>>>>>>>> error:00000002:lib(0):func(0):system lib
>>>>>>>>>>> lwsts[27731]: SSL_ERROR_WANT_READ
>>>>>>>>>>> lwsts[27731]: lws_header_table_attach: wsi
>>>>>>>>>>> 0x7f3350047030: ah
>>>>>>>>>> (nil)
>>>>>>>>>>> (tsi 0, count = 0) in
>>>>>>>>>>> lwsts[27731]: lws_header_table_attach: wsi
>>>>>>>>>>> 0x7f3350047030: ah
>>>>>>>>>>> 0x7f3350012d20: count 1 (on exit)
>>>>>>>>>>> lwsts[27731]: Attached ah immediately
>>>>>>>>>>> lwsts[27731]: fd=10, revents=1
>>>>>>>>>>> lwsts[27731]: SSL_accept failed 1 /
>>>>>>>>>>> error:00000001:lib(0):func(0):reason(1)
>>>>>>>>>>> lwsts[27731]: SSL_accept failed skt 10:
>>>>>>>>>>> error:00000001:lib(0):func(0):reason(1)
>>>>>>>>>>> lwsts[27731]: *** error:1407609C:SSL
>>>>>>>>>>> routines:SSL23_GET_CLIENT_HELLO:http request
>>>>>>>>>>> lwsts[27731]: lws_close_free_wsi: shutting down
>>>>>>>>>>> connection:
>>>>>>>>>>> 0x7f3350047030 (sock 10, state 0)
>>>>>>>>>>> lwsts[27731]: lws_set_timeout: 0x7f3350047030: 5 secs
>>>>>>>>>>> lwsts[27731]: fd=10, revents=1
>>>>>>>>>>> lwsts[27731]: SSL_accept failed 1 /
>>>>>>>>>>> error:00000001:lib(0):func(0):reason(1)
>>>>>>>>>>> lwsts[27731]: SSL_accept failed skt 10:
>>>>>>>>>>> error:00000001:lib(0):func(0):reason(1)
>>>>>>>>>>> lwsts[27731]: *** error:1407609C:SSL
>>>>>>>>>>> routines:SSL23_GET_CLIENT_HELLO:http request
>>>>>>>>>>> lwsts[27731]: lws_close_free_wsi: real
>>>>>>>>>>> just_kill_connection:
>>>>>>>>>>> 0x7f3350047030 (sockfd 10)
>>>>>>>>>>> lwsts[27731]: remove_wsi_socket_from_fds: removing
>>>>>>>>>>> same
>>>>>>>>>>> prot
>>>>>>>>>>> wsi
>>>>>>>>>>> 0x7f3350047030
>>>>>>>>>>> lwsts[27731]: remove_wsi_socket_from_fds:
>>>>>>>>>>> wsi=0x7f3350047030,
>>>>>>>>>>> sock=10, fds pos=2, end guy pos=3, endfd=0
>>>>>>>>>>> lwsts[27731]: not calling back closed mode=6 state=0
>>>>>>>>>>> lwsts[27731]: ah det due to close
>>>>>>>>>>> lwsts[27731]: lws_header_table_detach: wsi
>>>>>>>>>>> 0x7f3350047030: ah
>>>>>>>>>>> 0x7f3350012d20 (tsi=0, count = 1)
>>>>>>>>>>> lwsts[27731]: lws_header_table_detach: wsi
>>>>>>>>>>> 0x7f3350047030: ah
>>>>>>>>>>> 0x7f3350012d20 (tsi=0, count = 0)
>>>>>>>>>>> lwsts[27731]: lws_free_wsi: 0x7f3350047030, remaining
>>>>>>>>>>> wsi
>>>>>>>>>>> 1
>>>>>>>>>>> 
>>>>>>>>>>> I have no clue whats going on. Any hint is very much
>>>>>>>>>>> helpful.
>>>>>>>>>>> 
>>>>>>>>>>> Thank you.
>>>>>>>>>>> 
>>>>>>>>>>> --
>>>>>>>>>>> Gowtham
>>>>>>>>>>> _______________________________________________
>>>>>>>>>>> Libwebsockets mailing list
>>>>>>>>>>> Libwebsockets at ml.libwebsockets.org
>>>>>>>>>>> http://libwebsockets.org/mailman/listinfo/libwebsocke
>>>>>>>>>>> ts
>>> 
>>> 




More information about the Libwebsockets mailing list