[Libwebsockets] How to fix the "SSL_CTX_get_extra_chain_certs_only" error

Andy Green andy at warmcat.com
Mon Jan 22 13:11:27 CET 2018



On January 22, 2018 8:01:02 PM GMT+08:00, Chropin Hu <chropinhu at gmail.com> wrote:
>Dear All,
>       I am trying to set up an HTTPS server on Ubuntu.
>       Currently, I just use lwsws.
>       The config file looks like this:
>        {
> "vhosts": [ {
>     "name": "localhost",
>     "port": "7681",
>     "interface": "lo",
>     "host-ssl-key":  "/home/develop/ecdh/ca/ecdhkey.pem",
>     "host-ssl-cert": "/home/develop/ecdh/ca/ecdhcert.pem",
>     "host-ssl-ca":   "/home/develop/ecdh/ca/cacert.pem",

What happens if, instead of these, you use the test self-signed certs lws creates in the build dir when you run cmake?

-Andy

>#     "sts": "on",
>     "mounts": [{
>       "mountpoint": "/",
>       "origin": "file://_lws_ddir_/libwebsockets-test-server",
>       "default": "test.html",
>       "cache-max-age": "60",
>       "cache-reuse": "1",
>       "cache-revalidate": "1",
>       "cache-intermediaries": "0"
>       }, {
>        "mountpoint": "/server-status",
>        "origin": "file://_lws_ddir_/libwebsockets-test-server/server-status",
>        "default": "server-status.html"
>        }, {
>        "mountpoint": "/testcgi",
>        "origin": "cgi://_lws_ddir_/libwebsockets-test-server/lws-cgi-test.sh"
>
>       }, {
>        "mountpoint": "/formtest",
>        "origin": "callback://protocol-post-demo"
>       }],
>     # which protocols are enabled for this vhost, and optional
>     # vhost-specific config options for the protocol
>     #
>     "ws-protocols": [{
>       "lws-meta": {
>         "status": "ok"
>       },
>       "dumb-increment-protocol": {
>         "status": "ok"
>       },
>       "lws-mirror-protocol": {
>         "status": "ok"
>       },
>       "lws-status": {
>         "status": "ok"
>       },
>       "protocol-post-demo": {
>         "status": "ok"
>       },
>       "lws-server-status": {
>         "status": "ok",
>         "update-ms": "5000"
>       }
>     }]
>    }
>  ]
>}
>
>The server always failed at the line marked as red.
>
>/* Get X509 certificate from ssl context */
>#if !defined(LWS_HAVE_SSL_EXTRA_CHAIN_CERTS)
>    x = sk_X509_value(vhost->ssl_ctx->extra_certs, 0);
>#else
>    SSL_CTX_get_extra_chain_certs_only(vhost->ssl_ctx, &extra_certs);
>    if (extra_certs)
>        x = sk_X509_value(extra_certs, 0);
>    else
>        lwsl_err("%s: no extra certs\n", __func__);
>#endif
>
>Furthermore, the SSL accept always fails.
>
>lwsws[18957]: insert_wsi_socket_into_fds: 0x1114890: tsi=0, sock=15, pos-in-fds=1
>lwsws[18957]: inserted SSL accept into fds, trying SSL_accept
>lwsws[18957]: lws_ssl_get_error: 0x1114ea0 -1 -> 2
>lwsws[18957]: _realloc: size 2960: ah struct
>lwsws[18957]: _realloc: size 4096: ah data
>
>Can someone help me out?
>Thanks, I appreciate the answer.
>
>Best Regards
>
>Yours Chropin.
