[Libwebsockets] Sal error in server side

dabicho tsukebumi at gmail.com
Tue Jan 23 19:46:47 CET 2018


It is version 2.3.0 for fedora 27, compiled with openssl
Firefox does not bring up such dialog

the test apps seem to work alright
I am not aware that firefox has any client certificate installed, also
the options only contain
LWS_SERVER_OPTION_VALIDATE_UTF8 | LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT

I don't know if this SSL_GLOBAL_INIT implies somehow
LWS_SERVER_OPTION_REQUIRE_VALID_OPENSSL_CLIENT_CERT, but I don't set
that either anywhere.

The info struct is cleared to 0 with memset. before setting any value.

I was hoping it was some option, but it seems it is not the case.

On Tue, Jan 23, 2018 at 1:53 AM, Andy Green <andy at warmcat.com> wrote:
>
>
> On 23/01/18 15:35, dabicho wrote:
>>
>> I am getting this error from a Firefox client while migrating libwebsocket
>> version
>>
>> It looks to me as of the client is trying to authenticate itself, which I
>> was not aware was a possibly or requirement. I didn't see this before.
>>
>> Where does this come from?
>
>
>  - what version of lws is it
>
>  - building against OpenSSL or mbedTLS?
>
>  - does Firefox bring you a dialog for you to select a client cert then?
>
>  - I take it that the lws test apps don't have this problem on your
> platform?
>
>> lws_ssl_capable_read failed
>> routine ssl3_read_bytes:tlsv1 alert unknown ca
>
>
> It says "unknown ca"... this is because you sent it a client cert, or
> stopped Firefox sending the client cert?
>
> If your vhost creation options don't have
> LWS_SERVER_OPTION_REQUIRE_VALID_OPENSSL_CLIENT_CERT bit set, it shouldn't
> ask for any client cert.  Maybe check you memset() the info struct to 0
> before setting it, if you declare it on the stack.
>
> -Andy
>
>> Thank you for any idea
>>
>>
>>
>>
>>
>> _______________________________________________
>> Libwebsockets mailing list
>> Libwebsockets at ml.libwebsockets.org
>> https://libwebsockets.org/mailman/listinfo/libwebsockets
>>
>



More information about the Libwebsockets mailing list