[Libwebsockets] Sal error in server side

dabicho tsukebumi at gmail.com
Tue Jan 23 21:17:08 CET 2018


If it helps, the callback goes throught the following reasons before
the client closes the connection;

LWS_CALLBACK_LOCK_POLL
LWS_CALLBACK_ADD_POLL_FD
LWS_CALLBACK_UNLOCK_POLL

LWS_CALLBACK_PROTOCOL_INIT
LWS_CALLBACK_FILTER_NETWORK_CONNECTION
LWS_CALLBACK_WSI_CREATE
LWS_CALLBACK_LOCK_POLL
LWS_CALLBACK_ADD_POLL_FD
LWS_CALLBACK_UNLOCK_POLL
LWS_CALLBACK_LOCK_POLL
LWS_CALLBACK_CHANGE_MODE_POLL_FD
LWS_CALLBACK_UNLOCK_POLL
LWS_CALLBACK_LOCK_POLL
LWS_CALLBACK_CHANGE_MODE_POLL_FD
LWS_CALLBACK_UNLOCK_POLL
LWS_CALLBACK_SERVER_NEW_CLIENT_INSTANTIATED
LWS_CALLBACK_CHANGE_MODE_POLL_FD
LWS_CALLBACK_LOCK_POLL
LWS_CALLBACK_CHANGE_MODE_POLL_FD
LWS_CALLBACK_UNLOCK_POLL
LWS_CALLBACK_LOCK_POLL
LWS_CALLBACK_DEL_POLL_FD
LWS_CALLBACK_UNLOCK_POLL
LWS_CALLBACK_WSI_DESTROY

For mos of which there is nothing to do


On Tue, Jan 23, 2018 at 12:46 PM, dabicho <tsukebumi at gmail.com> wrote:
> It is version 2.3.0 for fedora 27, compiled with openssl
> Firefox does not bring up such dialog
>
> the test apps seem to work alright
> I am not aware that firefox has any client certificate installed, also
> the options only contain
> LWS_SERVER_OPTION_VALIDATE_UTF8 | LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT
>
> I don't know if this SSL_GLOBAL_INIT implies somehow
> LWS_SERVER_OPTION_REQUIRE_VALID_OPENSSL_CLIENT_CERT, but I don't set
> that either anywhere.
>
> The info struct is cleared to 0 with memset. before setting any value.
>
> I was hoping it was some option, but it seems it is not the case.
>
> On Tue, Jan 23, 2018 at 1:53 AM, Andy Green <andy at warmcat.com> wrote:
>>
>>
>> On 23/01/18 15:35, dabicho wrote:
>>>
>>> I am getting this error from a Firefox client while migrating libwebsocket
>>> version
>>>
>>> It looks to me as of the client is trying to authenticate itself, which I
>>> was not aware was a possibly or requirement. I didn't see this before.
>>>
>>> Where does this come from?
>>
>>
>>  - what version of lws is it
>>
>>  - building against OpenSSL or mbedTLS?
>>
>>  - does Firefox bring you a dialog for you to select a client cert then?
>>
>>  - I take it that the lws test apps don't have this problem on your
>> platform?
>>
>>> lws_ssl_capable_read failed
>>> routine ssl3_read_bytes:tlsv1 alert unknown ca
>>
>>
>> It says "unknown ca"... this is because you sent it a client cert, or
>> stopped Firefox sending the client cert?
>>
>> If your vhost creation options don't have
>> LWS_SERVER_OPTION_REQUIRE_VALID_OPENSSL_CLIENT_CERT bit set, it shouldn't
>> ask for any client cert.  Maybe check you memset() the info struct to 0
>> before setting it, if you declare it on the stack.
>>
>> -Andy
>>
>>> Thank you for any idea
>>>
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> Libwebsockets mailing list
>>> Libwebsockets at ml.libwebsockets.org
>>> https://libwebsockets.org/mailman/listinfo/libwebsockets
>>>
>>



More information about the Libwebsockets mailing list