[Libwebsockets] lws_context_creation_info.client_ssl_ca_mem usage

prelag at yahoo.com prelag at yahoo.com
Wed Mar 25 22:45:26 CET 2020


Hello Andy,

4.0.0 built, for some reason my mbedtls headers got blown out.  I built both mbedtls and lws in DEBUG.  Will keep you posted.  Thanks again.






On Wednesday, March 25, 2020, 05:20:35 PM EDT, prelag at yahoo.com <prelag at yahoo.com> wrote: 





Andy,

Now I remember why I could not use 4.0.0.

When building with mbedtls 2.3.2 I get this error:

[ 27%] Building C object CMakeFiles/websockets_shared.dir/lib/tls/mbedtls/mbedtls-ssl.c.o
[ 27%] Building C object CMakeFiles/websockets_shared.dir/lib/tls/mbedtls/lws-genhash.c.o
[ 27%] Building C object CMakeFiles/websockets_shared.dir/lib/tls/mbedtls/lws-genrsa.c.o
/opt/lws/libwebsockets/lib/tls/mbedtls/lws-genrsa.c: In function ‘lws_genrsa_create’:
/opt/lws/libwebsockets/lib/tls/mbedtls/lws-genrsa.c:88:8: error: implicit declaration of function ‘mbedtls_rsa_complete’ [-Werror=implicit-function-declaration]
    if (mbedtls_rsa_complete(ctx->ctx)) {
        ^~~~~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors
CMakeFiles/websockets_shared.dir/build.make:1502: recipe for target 'CMakeFiles/websockets_shared.dir/lib/tls/mbedtls/lws-genrsa.c.o' failed
make[2]: *** [CMakeFiles/websockets_shared.dir/lib/tls/mbedtls/lws-genrsa.c.o] Error 1
CMakeFiles/Makefile2:289: recipe for target 'CMakeFiles/websockets_shared.dir/all' failed
make[1]: *** [CMakeFiles/websockets_shared.dir/all] Error 2


Any ideas?

Thanks

Paul R.



On Wednesday, March 25, 2020, 04:19:17 PM EDT, andy at warmcat.com <andy at warmcat.com> wrote: 







On March 25, 2020 8:06:05 PM UTC, "prelag at yahoo.com" <prelag at yahoo.com> wrote:
>Hello,
>
>I apologize for the dupe message.  My spam filter was blocking, etc.,
>etc.
>
>Version 3.1.0 built with mbedtls on ARM.

What about, eg, v4.0-stable?

>If I use client_ssl_cert_filepath with that same cert chain from the
>filesystem, it is working.

Yes the code is quite different.

>Just tried a single cert, same outcome.
>
>Here is the syslog output:
>
>192.168.0.112: Mar 25 19:44:01 send_to_syslog: INFO std(out|err)
>[2020/03/25 19:44:01:1849] W: lws_create_context:
>LWS_WITHOUT_EXTENSIONS but extensions ptr set
>
>192.168.0.112: Mar 25 19:44:01 send_to_syslog: INFO std(out|err) ***
>Error in `POC.T3A': malloc(): memory corruption: 0x0153d5f0 ***

Hm... seems to have trashed the heap somewhere along the line.  It looks like you can build this for desktp linux + valgrind it without too much trouble and find it that way.  Or maybe try a later lws first.

-Andy


>It's going to take me a minute to rebuild for this platform.
>
>Thanks again Andy!
>
>On Wednesday, March 25, 2020, 03:49:01 PM EDT, <andy at warmcat.com>
>wrote: 
>
>
>
>
>
>
>
>On March 25, 2020 7:29:20 PM UTC, "prelag at yahoo.com" <prelag at yahoo.com>
>wrote:
>>Hello,
>>I am causing a SIGARBT somehow when trying to utilize the
>>client_ssl_ca_mem field of the lws_context_creation_info struct.  What
>
>What version of lws is it... can you build with -DCMAKE_
>BUILD_TYPE=DEBUG so we can see the backtrace
>
>It seems malloc blows up... eg, what message was it trying to print? 
>It seems mbedtls on embedded...
>
>What happens it you give it a single cert?  At least on some lws
>versions iirc this is passed through to an mbedtls api to parse that
>has some quirks.
>
>-Andy
>
>
>>is the correct way to use this?
>>Stack:
>>Thread #1 721 [core: 0] (Suspended : Signal : SIGABRT:Aborted) 
>>__GI_raise() at raise.c:58 0xb6d99464  __GI_abort() at abort.c:89
>>0xb6d9a7c0  __libc_message() at libc_fatal.c:175 0xb6dd3c08 
>>malloc_printerr() at malloc.c:5,046 0xb6dda724  _int_malloc() at
>>malloc.c:3,509 0xb6ddca58  __GI___libc_malloc() at malloc.c:2,925
>>0xb6dded2c  x509_pm_load() at 0x3ab98  d2i_X509() at 0x39f1e 
>>lws_tls_client_create_vhost_context() at 0x26a20 
>>lws_context_init_client_ssl() at 0x26322  <...more frames...> 
>>
>>Code:
>>const char *bpn_uat_cer = "-----BEGIN CERTIFICATE-----\n"
>>"MIIGrTCCBZWgAwIBAgIQBFkU5B02DI8ZdB9c2V/1CzANBgkqhkiG9w0BAQsFADBc\n"
>>"MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\n"
>>"d3cuZGlnaWNlcnQuY29tMRswGQYDVQQDExJUaGF3dGUgUlNBIENBIDIwMTgwHhcN\n"
>>"MTgwNjAxMDAwMDAwWhcNMjAwNTMxMTIwMDAwWjCBnDELMAkGA1UEBhMCVVMxEDAO\n"
>>"BgNVBAgTB0Zsb3JpZGExGjAYBgNVBAcTEUFsdGFtb250ZSBTcHJpbmdzMSkwJwYD\n"
>>"VQQKEyBCcmlkZ2VwYXkgTmV0d29yayBTb2x1dGlvbnMsIExMQzELMAkGA1UECxMC\n"
>>"SVQxJzAlBgNVBAMTHnBnYy5icmlkZ2VwYXluZXRzZWN1cmV0ZXN0LmNvbTCCASIw\n"
>>"DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOgeLoYsgYB2EVkox4YKBaeiUg93\n"
>>"05S+BV1mj52hY4SA4a+Uv2bGPA34uryUyTzBBzs9V40ugmybgpRiEe7ImaVBRRvK\n"
>>"VEftTC2qi5o9y/HySIgHlSyruVFUGGweCz6v32A/4WRXrYMubTcxDPb8eZSz1QKm\n"
>>"pTSjHoAeCftlclwAHSvATz78whhEhbpQudYGBsRjqZVdeEcClGP3ukQuDAdZwjqh\n"
>>"OAUKH2THEXtvtJYWyyWZSGJm4/FMZnhNRqQKFaf5Pz4rxvM3bNOqzTqj4BmA9def\n"
>>"5tcDwblTUBpZ37M0rNJfSebnSc/XrR9Urc1vkJugFAykYptwNoYWhQJ+x2sCAwEA\n"
>>"AaOCAygwggMkMB8GA1UdIwQYMBaAFKPIXmVU5TB4wQXqBwpqWcy5/t5aMB0GA1Ud\n"
>>"DgQWBBQGXyzHHolmD/seY+LpqVf3ozFmITApBgNVHREEIjAggh5wZ2MuYnJpZGdl\n"
>>"cGF5bmV0c2VjdXJldGVzdC5jb20wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQG\n"
>>"CCsGAQUFBwMBBggrBgEFBQcDAjA6BgNVHR8EMzAxMC+gLaArhilodHRwOi8vY2Rw\n"
>>"LnRoYXd0ZS5jb20vVGhhd3RlUlNBQ0EyMDE4LmNybDBMBgNVHSAERTBDMDcGCWCG\n"
>>"SAGG/WwBATAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20v\n"
>>"Q1BTMAgGBmeBDAECAjBvBggrBgEFBQcBAQRjMGEwJAYIKwYBBQUHMAGGGGh0dHA6\n"
>>"Ly9zdGF0dXMudGhhd3RlLmNvbTA5BggrBgEFBQcwAoYtaHR0cDovL2NhY2VydHMu\n"
>>"dGhhd3RlLmNvbS9UaGF3dGVSU0FDQTIwMTguY3J0MAkGA1UdEwQCMAAwggGABgor\n"
>>"BgEEAdZ5AgQCBIIBcASCAWwBagB3AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3\n"
>>"zQ7IDdwQAAABY7v2qJEAAAQDAEgwRgIhAM5Tsrb1lqzE4D4LtQqmWO9lCH7XzyEb\n"
>>"2qvqldqmhxoEAiEA2tBlvXiMI0WysQqhF7RUipBF4YMdsyjMVZ9tLv9uyTsAdwCH\n"
>>"db/nWXz4jEOZX73zbv9WjUdWNv9KtWDBtOr/XqCDDwAAAWO79qk2AAAEAwBIMEYC\n"
>>"IQDB8ZyF+GuzBzihgkJgUxVcZ4YjntDmyVURrqLp8aycwQIhAPPOCZG8ZwIfY2up\n"
>>"Y4DjH2QhlRIjE0rsEPUhMEi+EtbeAHYAu9nfvB+KcbWTlCOXqpJ7RzhXlQqrUuga\n"
>>"kJZkNo4e0YUAAAFju/apgQAABAMARzBFAiEA8Z6N8cb1D6XPsu9fcPIvfjuLDyYJ\n"
>>"KlpY3GRvVxq+jsMCIE+zdbBSEcc4SkIWTx/vvj8THcaMVX/OKWrqCKVuVHWbMA0G\n"
>>"CSqGSIb3DQEBCwUAA4IBAQBmQt8QfGKW8/c+o6fZvBAWtwgPnitKgiWvBwIvMlYr\n"
>>"6teFYkRR0qe+vQBWcHF/ax5VyDFHH/MjZLqCzoR0VJKBz1uNTXDYYgfwrwy9EFPt\n"
>>"s9bFiZerIZwBHO55HmpWpvmrT6V178gJOFTGppUbwxuwHWan8075Q2MfVZpuP/kw\n"
>>"0BYJxeFC09tdgz5CiWRJMsAVvYbqr2Dkdrc1IAERQ782qTMbwujCvojpKmIt5w16\n"
>>"UfUY02ICqQ3XgXU/iwMSb3XpnEvP6BIliMgdyW8wW493dEpbZs1igWSct8U1f5bH\n"
>>"YVluRgq/O02MQZgmu6tDXFVd9X9NY/TBwtjfiQ35Vmn1\n" "-----END
>>CERTIFICATE-----\n" "-----BEGIN CERTIFICATE-----\n"
>>"MIIEiTCCA3GgAwIBAgIQAlqK7xlvfg1sIQSyGuZwKzANBgkqhkiG9w0BAQsFADBh\n"
>>"MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\n"
>>"d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD\n"
>>"QTAeFw0xNzExMDYxMjIzNTJaFw0yNzExMDYxMjIzNTJaMFwxCzAJBgNVBAYTAlVT\n"
>>"MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j\n"
>>"b20xGzAZBgNVBAMTElRoYXd0ZSBSU0EgQ0EgMjAxODCCASIwDQYJKoZIhvcNAQEB\n"
>>"BQADggEPADCCAQoCggEBAMoIXuVTipccHkMvtoqnVumLhEOorJ16VYJ6FEuGty+P\n"
>>"Up8cyrEgW2+6It2mnC142ukGCE6+E6bry7s+uQUMPkrh8DIfE071BsVHc4k+gKOL\n"
>>"8QEkm6OZZpJraK0NLbTNcqL0+ThaZaa0jFPBCBqE+P0u8xF1btxqMSmsDYfMk2B4\n"
>>"3yW6JlmRxoNSNabKnLgoGs7XHO4Uv3ZcZas4HnnpfMxJIyaiUlBm0Flh/6D+mkwM\n"
>>"n/nojt4Ji7gVwaQITCacewbb/Yp0W1h+zWOkkS9F8Ho8lAuKfLIFqWeTn2jllWNg\n"
>>"2FiVX+BV75OnETt85pLYZkTgq72nj82khXhBJFTn2AMCAwEAAaOCAUAwggE8MB0G\n"
>>"A1UdDgQWBBSjyF5lVOUweMEF6gcKalnMuf7eWjAfBgNVHSMEGDAWgBQD3lA1VtFM\n"
>>"u2bwo+IbG8OXsj3RVTAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUH\n"
>>"AwEGCCsGAQUFBwMCMBIGA1UdEwEB/wQIMAYBAf8CAQAwNAYIKwYBBQUHAQEEKDAm\n"
>>"MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wQgYDVR0fBDsw\n"
>>"OTA3oDWgM4YxaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0R2xvYmFs\n"
>>"Um9vdENBLmNybDA9BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYcaHR0\n"
>>"cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzANBgkqhkiG9w0BAQsFAAOCAQEARE2F\n"
>>"5d0cgozhZNWokCLfdhhl6mXSOyU3SoPamYcWfLH1CzMwD8a1+pFvwHIQfvlwXFH8\n"
>>"MrjB3C+jVobNbVWRrgqS3Jsa0ltRH/Ffs6ZTgP4WJYm1SNpUbgR7LWUD2F+PTvKB\n"
>>"M/gf9eSyqP4OiJslYaa38NU1aVAxZI15o+4xX4RZMqKXIIBTG2V+oPBjQ1oPmHGA\n"
>>"C/yWt2eThvb8/re7OpSpUdJyfGf97XeM4PiJAl6+4HQXhjwN7ZPZKrQv9Ay33Mgm\n"
>>"YLVQA+x9HONZXx9vvy8pl9bu+NVYWKGxzGxBK0CBozmVUCeXQPJKPTZleYuNM18p\n"
>>"U1P8Xh1CDguM+ZEoew==\n" "-----END CERTIFICATE-----\n" "-----BEGIN
>>CERTIFICATE-----\n"
>>"MIIDrzCCApegAwIBAgIQCDvgVpBCRrGhdWrJWZHHSjANBgkqhkiG9w0BAQUFADBh\n"
>>"MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\n"
>>"d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD\n"
>>"QTAeFw0wNjExMTAwMDAwMDBaFw0zMTExMTAwMDAwMDBaMGExCzAJBgNVBAYTAlVT\n"
>>"MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j\n"
>>"b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMIIBIjANBgkqhkiG\n"
>>"9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jvhEXLeqKTTo1eqUKKPC3eQyaKl7hLOllsB\n"
>>"CSDMAZOnTjC3U/dDxGkAV53ijSLdhwZAAIEJzs4bg7/fzTtxRuLWZscFs3YnFo97\n"
>>"nh6Vfe63SKMI2tavegw5BmV/Sl0fvBf4q77uKNd0f3p4mVmFaG5cIzJLv07A6Fpt\n"
>>"43C/dxC//AH2hdmoRBBYMql1GNXRor5H4idq9Joz+EkIYIvUX7Q6hL+hqkpMfT7P\n"
>>"T19sdl6gSzeRntwi5m3OFBqOasv+zbMUZBfHWymeMr/y7vrTC0LUq7dBMtoM1O/4\n"
>>"gdW7jVg/tRvoSSiicNoxBN33shbyTApOB6jtSj1etX+jkMOvJwIDAQABo2MwYTAO\n"
>>"BgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUA95QNVbR\n"
>>"TLtm8KPiGxvDl7I90VUwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUw\n"
>>"DQYJKoZIhvcNAQEFBQADggEBAMucN6pIExIK+t1EnE9SsPTfrgT1eXkIoyQY/Esr\n"
>>"hMAtudXH/vTBH1jLuG2cenTnmCmrEbXjcKChzUyImZOMkXDiqw8cvpOp/2PV5Adg\n"
>>"06O/nVsJ8dWO41P0jmP6P6fbtGbfYmbW0W5BjfIttep3Sp+dWOIrWcBAI+0tKIJF\n"
>>"PnlUkiaY4IBIqDfv8NZ5YBberOgOzW6sRBc4L0na4UU+Krk2U886UAb3LujEV0ls\n"
>>"YSEY1QSteDwsOoBrp+uvFRTp2InBuThs4pFsiv9kuXclVzDAGySj4dzp30d8tbQk\n"
>>"CAUw7C29C79Fv1C5qfPrmAESrciIxpg0X40KPMbp1ZWVbd4=\n" "-----END
>>CERTIFICATE-----";
>>        int bpn_uat_cer_len = strlen(bpn_uat_cer);
>>        struct lws_context_creation_info info;
>>        const char *p;                int n, logs = LLL_USER | LLL_ERR
>>| LLL_WARN | LLL_NOTICE;
>>        ads = SERVER_NAME; url = SERVER_PATH; port = SERVER_PORT;
>>options |= 2;
>>memset(&info, 0, sizeof info); info.port = CONTEXT_PORT_NO_LISTEN;
>>info.protocols = protocols; info.client_ssl_ca_mem = (const void
>>*)bpn_uat_cer; info.client_ssl_ca_mem_len = bpn_uat_cer_len; info.pvo
>=
>>&pvo; info.extensions = extensions; info.pt_serv_buf_size = 32 * 1024;
>>info.options = LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT |
>>LWS_SERVER_OPTION_VALIDATE_UTF8; info.fd_limit_per_thread = 1 + 1 + 1;
>> signal(SIGINT, sigint_handler);
>>context = lws_create_context(&info);  <------dies here when the
>>client_ssl_ca... fields are set if (!context) {  }
>>Thanks in advance!


More information about the Libwebsockets mailing list