[Libwebsockets] How to fix the "SSL_CTX_get_extra_chain_certs_only" error

Chropin Hu chropinhu at gmail.com
Mon Jan 22 13:01:02 CET 2018


Dear All,
       I am trying to set up an HTTPS server on Ubuntu.
       Currently, I just use lwsws.
       The config file is like this:
        {
 "vhosts": [ {
     "name": "localhost",
     "port": "7681",
     "interface": "lo",
     "host-ssl-key":  "/home/develop/ecdh/ca/ecdhkey.pem",
     "host-ssl-cert": "/home/develop/ecdh/ca/ecdhcert.pem",
     "host-ssl-ca":   "/home/develop/ecdh/ca/cacert.pem",
#     "sts": "on",
     "mounts": [{
       "mountpoint": "/",
       "origin": "file://_lws_ddir_/libwebsockets-test-server",
       "default": "test.html",
       "cache-max-age": "60",
       "cache-reuse": "1",
       "cache-revalidate": "1",
       "cache-intermediaries": "0"
       }, {
        "mountpoint": "/server-status",
        "origin": "file://_lws_ddir_/libwebsockets-test-server/server-status",
        "default": "server-status.html"
        }, {
        "mountpoint": "/testcgi",
        "origin": "cgi://_lws_ddir_/libwebsockets-test-server/lws-cgi-test.sh"
       }, {
        "mountpoint": "/formtest",
        "origin": "callback://protocol-post-demo"
       }],
     # which protocols are enabled for this vhost, and optional
     # vhost-specific config options for the protocol
     #
     "ws-protocols": [{
       "lws-meta": {
         "status": "ok"
       },
       "dumb-increment-protocol": {
         "status": "ok"
       },
       "lws-mirror-protocol": {
         "status": "ok"
       },
       "lws-status": {
         "status": "ok"
       },
       "protocol-post-demo": {
         "status": "ok"
       },
       "lws-server-status": {
         "status": "ok",
         "update-ms": "5000"
       }
     }]
    }
  ]
}

The server always failed at the line marked as red.

/* Get X509 certificate from ssl context */
#if !defined(LWS_HAVE_SSL_EXTRA_CHAIN_CERTS)
	x = sk_X509_value(vhost->ssl_ctx->extra_certs, 0);
#else
	SSL_CTX_get_extra_chain_certs_only(vhost->ssl_ctx, &extra_certs);
	if (extra_certs)
		x = sk_X509_value(extra_certs, 0);
	else
		lwsl_err("%s: no extra certs\n", __func__);
#endif

And further, the SSL accept always fails.

lwsws[18957]: insert_wsi_socket_into_fds: 0x1114890: tsi=0, sock=15, pos-in-fds=1
lwsws[18957]: inserted SSL accept into fds, trying SSL_accept
lwsws[18957]: lws_ssl_get_error: 0x1114ea0 -1 -> 2
lwsws[18957]: _realloc: size 2960: ah struct
lwsws[18957]: _realloc: size 4096: ah data

Can someone help me out?
Thanks, I appreciate the answer.

Best Regards

Yours Chropin.