[Libwebsockets] libwebsockets-test-client with SSL - sanity check

Daniel libwebsockets at dswann.co.uk
Sun Jul 2 12:01:47 CEST 2017


I'm having problems getting the libwebsockets-test-client/server in 
Debian Stretch to work using SSL.

What I'm trying is running "libwebsockets-test-server --ssl" in one 
console, and "libwebsockets-test-client localhost --ssl -s" in another, 
but get "certificate verify failed" errors from the client. Is this 
supposed to just work, or have I missed a vital step if I want to use SSL?


Output from the two test apps:

# libwebsockets-test-client localhost --ssl -s
[2017/07/02 10:08:04:4264] NOTICE: libwebsockets test client - license 
LGPL2.1+SLE
[2017/07/02 10:08:04:4265] NOTICE: (C) Copyright 2010-2016 Andy Green 
<andy at warmcat.com>
[2017/07/02 10:08:04:4266] NOTICE:  Selfsigned certs allowed
[2017/07/02 10:08:04:4266] NOTICE: Initial logging level 7
[2017/07/02 10:08:04:4266] NOTICE: Libwebsockets version: 2.0.3 
unknown-build-hash
[2017/07/02 10:08:04:4267] NOTICE: IPV6 not compiled in
[2017/07/02 10:08:04:4267] NOTICE: libev support compiled in but disabled
[2017/07/02 10:08:04:4268] NOTICE: libuv support compiled in but disabled
[2017/07/02 10:08:04:4268] NOTICE:  Threads: 1 each 1024 fds
[2017/07/02 10:08:04:4269] NOTICE:  mem: platform fd map:  8192 bytes
[2017/07/02 10:08:04:4269] NOTICE:  Compiled with OpenSSL support
[2017/07/02 10:08:04:4281] NOTICE: Creating Vhost 'default' port -1, 2 
protocols
[2017/07/02 10:08:04:4284] NOTICE:  mem: per-conn:          920 bytes + 
protocol rx buf
[2017/07/02 10:08:04:4285] NOTICE:  canonical_hostname = Stretch1
[2017/07/02 10:08:04:4285] NOTICE: using  mode (ws)
[2017/07/02 10:08:04:4285] NOTICE: dumb: connecting
[2017/07/02 10:08:04:4289] NOTICE: mirror: connecting
[2017/07/02 10:08:04:4291] NOTICE: lws_protocol_init
[2017/07/02 10:08:04:4345] ERR: SSL connect error 337047686: 
error:1416F086:SSL routines:tls_process_server_certificate:certificate 
verify failed
[2017/07/02 10:08:04:4346] ERR: dumb: LWS_CALLBACK_CLIENT_CONNECTION_ERROR
[2017/07/02 10:08:04:4357] ERR: SSL connect error 337047686: 
error:1416F086:SSL routines:tls_process_server_certificate:certificate 
verify failed
[2017/07/02 10:08:04:4358] ERR: mirror: LWS_CALLBACK_CLIENT_CONNECTION_ERROR
[2017/07/02 10:08:06:4385] NOTICE: dumb: connecting
[2017/07/02 10:08:06:4389] NOTICE: mirror: connecting
[2017/07/02 10:08:06:4408] ERR: SSL connect error 337047686: 
error:1416F086:SSL routines:tls_process_server_certificate:certificate 
verify failed
[2017/07/02 10:08:06:4408] ERR: dumb: LWS_CALLBACK_CLIENT_CONNECTION_ERROR
[2017/07/02 10:08:06:4425] ERR: SSL connect error 337047686: 
error:1416F086:SSL routines:tls_process_server_certificate:certificate 
verify failed
[2017/07/02 10:08:06:4426] ERR: mirror: LWS_CALLBACK_CLIENT_CONNECTION_ERROR


# libwebsockets-test-server --ssl
lwsts[473]: libwebsockets test server - license LGPL2.1+SLE
lwsts[473]: (C) Copyright 2010-2016 Andy Green <andy at warmcat.com>
Using resource path "/usr/share/libwebsockets-test-server"
lwsts[473]: Initial logging level 7
lwsts[473]: Libwebsockets version: 2.0.3 unknown-build-hash
lwsts[473]: IPV6 not compiled in
lwsts[473]: libev support compiled in but disabled
lwsts[473]: libuv support compiled in but disabled
lwsts[473]:  Threads: 1 each 1024 fds
lwsts[473]:  mem: platform fd map:  8192 bytes
lwsts[473]:  Compiled with OpenSSL support
lwsts[473]: Creating Vhost 'default' port 7681, 5 protocols
lwsts[473]:  SSL ciphers: 
'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4:!HMAC_SHA1:!SHA1:!DHE-RSA-AES128-GCM-SHA256:!DHE-RSA-AES128-SHA256:!AES128-GCM-SHA256
lwsts[473]:  Using SSL mode
lwsts[473]:  SSL ECDH curve 'prime256v1'
lwsts[473]:  Listening on port 7681
lwsts[473]:  mem: per-conn:          920 bytes + protocol rx buf
lwsts[473]:  canonical_hostname = Stretch1
lwsts[473]: lws_protocol_init
lwsts[473]: SNI: Unknown ServerName: localhost
lwsts[473]: SNI: Unknown ServerName: localhost
lwsts[473]: SSL_accept failed skt 8: error:00000001:lib(0):func(0):reason(1)
lwsts[473]: *** error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert 
unknown ca
lwsts[473]: SSL_accept failed skt 8: error:00000005:lib(0):func(0):DH lib
lwsts[473]: SSL_accept failed skt 9: error:00000001:lib(0):func(0):reason(1)
lwsts[473]: *** error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert 
unknown ca
lwsts[473]: SSL_accept failed skt 9: error:00000005:lib(0):func(0):DH lib
lwsts[473]: SNI: Unknown ServerName: localhost
lwsts[473]: SSL_accept failed skt 8: error:00000001:lib(0):func(0):reason(1)
lwsts[473]: *** error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert 
unknown ca
lwsts[473]: SSL_accept failed skt 8: error:00000005:lib(0):func(0):DH lib
lwsts[473]: SNI: Unknown ServerName: localhost
lwsts[473]: SSL_accept failed skt 9: error:00000001:lib(0):func(0):reason(1)
lwsts[473]: *** error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert 
unknown ca
lwsts[473]: SSL_accept failed skt 9: error:00000005:lib(0):func(0):DH lib

Thanks, Daniel




More information about the Libwebsockets mailing list