[Libwebsockets] regarding ssl_client_authentication in websockets server

Andy Green andy at warmcat.com
Tue Jun 21 12:31:37 CEST 2016



On June 21, 2016 5:01:35 PM GMT+08:00, "Suman.Patro-TRN" <Suman.Patro-TRN at lntebg.com> wrote:
>Hello, I have used secure ws for my websockets server using
>libwebsockets and I have enabled both server and client authentication
>. I have generated a .pfx file as client certificate and a .crt as a CA
>certificate. I have installed both the certificates in my android
>device before connecting. During connection the browser shows a
>certificate which can be given to the server , I allow and try
>connecting, but have errors as folows:
>
>[2016/05/21 14:12:40:7469] ERR: SSL_accept failed skt 356:
>error:00000005:lib(0)
>:func(0):DH lib
>[2016/05/21 14:12:40:7469] ERR: lws_adopt_socket_vhost: fail ssl
>negotiation
>[2016/05/21 14:12:40:7482] ERR: SSL_accept failed skt 356:
>error:00000005:lib(0)
>:func(0):DH lib
>[2016/05/21 14:12:40:7482] ERR: lws_adopt_socket_vhost: fail ssl
>negotiation
>[2016/05/21 14:12:40:7482] ERR: SSL_accept failed skt 364:
>error:00000005:lib(0)
>:func(0):DH lib
>[2016/05/21 14:12:40:7482] ERR: lws_adopt_socket_vhost: fail ssl
>negotiation
>[2016/05/21 14:13:43:5597] ERR: SSL_accept failed skt 320:
>error:00000005:lib(0)
>:func(0):DH lib
>[2016/05/21 14:13:43:5597] ERR: lws_adopt_socket_vhost: fail ssl
>negotiation
>[2016/05/21 14:13:43:5622] ERR: SSL_accept failed skt 320:
>error:00000005:lib(0)
>:func(0):DH lib
>[2016/05/21 14:13:43:5622] ERR: lws_adopt_socket_vhost: fail ssl
>negotiation
>[2016/05/21 14:19:39:6892] ERR: SSL_accept failed skt 352:
>error:00000005:lib(0)
>:func(0):DH lib
>[2016/05/21 14:19:39:6892] ERR: lws_adopt_socket_vhost: fail ssl
>negotiation
>
>please suggest some solutions.

This works on any other platform?  Or you only tried it on "Android"?

There is no "Android" there are different versions of it that act different, same as anything else; earlier versions of it act very different in terms of what ciphers + key exchange mechanisms they can handle.  What exactly did you try it on?  What did you restrict lws cipher list to?

Btw my life does not revolve around providing you "solutions".  These are ultimately your problems, not mine.

-Andy

>Thanks and regards,
>Suman
>
>
>Larsen & Toubro Limited
>
>www.larsentoubro.com
>
>This Email may contain confidential or privileged information for the
>intended recipient (s). If you are not the intended recipient, please
>do not use or disseminate the information, notify the sender and delete
>it from your system.
>
>
>------------------------------------------------------------------------
>
>_______________________________________________
>Libwebsockets mailing list
>Libwebsockets at ml.libwebsockets.org
>http://libwebsockets.org/mailman/listinfo/libwebsockets




More information about the Libwebsockets mailing list