[Libwebsockets] lws_context_creation_info.client_ssl_ca_mem usage

prelag at yahoo.com prelag at yahoo.com
Thu Mar 26 14:03:16 CET 2020


Andy, yeah, everything started building correctly when I pulled mbedtls master and rebuilt everything.  Also, I built without libuv this time, not sure if that would have had any effect.  Thanks again.






On Wednesday, March 25, 2020, 09:27:06 PM EDT, <andy at warmcat.com> wrote: 







On March 25, 2020 10:20:30 PM UTC, "prelag at yahoo.com" <prelag at yahoo.com> wrote:
>Hello Andy,
>
>Updating to 4.0.0 did the trick. 
>
>Thanks!

Great.  There's a patch on master

https://libwebsockets.org/git/libwebsockets/commit?id=2a7a92f4d5cdebbcf26e5383c7a191e27e566b8d

that works around building old mbedtls, but it breaks things due to old mbedtls missing rsa api that's actually important to elaborate partially defined rsa keys that are usually what you get in the wild into the full set of parameters mbedtls apis need. The right solution is to use a modern version of mbedtls.


-Andy

>
>
>
>On Wednesday, March 25, 2020, 04:19:17 PM EDT, andy at warmcat.com
><andy at warmcat.com> wrote: 
>
>
>
>
>
>
>
>On March 25, 2020 8:06:05 PM UTC, "prelag at yahoo.com" <prelag at yahoo.com>
>wrote:
>>Hello,
>>
>>I apologize for the dupe message.  My spam filter was blocking, etc.,
>>etc.
>>
>>Version 3.1.0 built with mbedtls on ARM.
>
>What about, eg, v4.0-stable?
>
>>If I use client_ssl_cert_filepath with that same cert chain from the
>>filesystem, it is working.
>
>Yes the code is quite different.
>
>>Just tried a single cert, same outcome.
>>
>>Here is the syslog output:
>>
>>192.168.0.112: Mar 25 19:44:01 send_to_syslog: INFO std(out|err) [2020/03/25 19:44:01:1849] W: lws_create_context: LWS_WITHOUT_EXTENSIONS but extensions ptr set
>>
>>192.168.0.112: Mar 25 19:44:01 send_to_syslog: INFO std(out|err) *** Error in `POC.T3A': malloc(): memory corruption: 0x0153d5f0 ***
>
>Hm... seems to have trashed the heap somewhere along the line.  It
>looks like you can build this for desktop linux + valgrind it without
>too much trouble and find it that way.  Or maybe try a later lws first.
>
>-Andy
>
>
>>It's going to take me a minute to rebuild for this platform.
>>
>>Thanks again Andy!
>>
>>On Wednesday, March 25, 2020, 03:49:01 PM EDT, <andy at warmcat.com>
>>wrote: 
>>
>>
>>
>>
>>
>>
>>
>>On March 25, 2020 7:29:20 PM UTC, "prelag at yahoo.com" <prelag at yahoo.com> wrote:
>>>Hello,
>>>I am causing a SIGABRT somehow when trying to utilize the
>>>client_ssl_ca_mem field of the lws_context_creation_info struct.  What
>>
>>What version of lws is it... can you build with
>>-DCMAKE_BUILD_TYPE=DEBUG so we can see the backtrace
>>
>>It seems malloc blows up... eg, what message was it trying to print? 
>>It seems mbedtls on embedded...
>>
>>What happens if you give it a single cert?  At least on some lws
>>versions iirc this is passed through to an mbedtls api to parse that
>>has some quirks.
>>
>>-Andy
>>
>>
>>>is the correct way to use this?
>>>Stack:
>>>Thread #1 721 [core: 0] (Suspended : Signal : SIGABRT:Aborted)
>>>  __GI_raise() at raise.c:58 0xb6d99464
>>>  __GI_abort() at abort.c:89 0xb6d9a7c0
>>>  __libc_message() at libc_fatal.c:175 0xb6dd3c08
>>>  malloc_printerr() at malloc.c:5,046 0xb6dda724
>>>  _int_malloc() at malloc.c:3,509 0xb6ddca58
>>>  __GI___libc_malloc() at malloc.c:2,925 0xb6dded2c
>>>  x509_pm_load() at 0x3ab98
>>>  d2i_X509() at 0x39f1e
>>>  lws_tls_client_create_vhost_context() at 0x26a20
>>>  lws_context_init_client_ssl() at 0x26322
>>>  <...more frames...>
>>>
>>>Code:
>>>const char *bpn_uat_cer = "-----BEGIN CERTIFICATE-----\n"
>>>"MIIGrTCCBZWgAwIBAgIQBFkU5B02DI8ZdB9c2V/1CzANBgkqhkiG9w0BAQsFADBc\n"
>>>"MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\n"
>>>"d3cuZGlnaWNlcnQuY29tMRswGQYDVQQDExJUaGF3dGUgUlNBIENBIDIwMTgwHhcN\n"
>>>"MTgwNjAxMDAwMDAwWhcNMjAwNTMxMTIwMDAwWjCBnDELMAkGA1UEBhMCVVMxEDAO\n"
>>>"BgNVBAgTB0Zsb3JpZGExGjAYBgNVBAcTEUFsdGFtb250ZSBTcHJpbmdzMSkwJwYD\n"
>>>"VQQKEyBCcmlkZ2VwYXkgTmV0d29yayBTb2x1dGlvbnMsIExMQzELMAkGA1UECxMC\n"
>>>"SVQxJzAlBgNVBAMTHnBnYy5icmlkZ2VwYXluZXRzZWN1cmV0ZXN0LmNvbTCCASIw\n"
>>>"DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOgeLoYsgYB2EVkox4YKBaeiUg93\n"
>>>"05S+BV1mj52hY4SA4a+Uv2bGPA34uryUyTzBBzs9V40ugmybgpRiEe7ImaVBRRvK\n"
>>>"VEftTC2qi5o9y/HySIgHlSyruVFUGGweCz6v32A/4WRXrYMubTcxDPb8eZSz1QKm\n"
>>>"pTSjHoAeCftlclwAHSvATz78whhEhbpQudYGBsRjqZVdeEcClGP3ukQuDAdZwjqh\n"
>>>"OAUKH2THEXtvtJYWyyWZSGJm4/FMZnhNRqQKFaf5Pz4rxvM3bNOqzTqj4BmA9def\n"
>>>"5tcDwblTUBpZ37M0rNJfSebnSc/XrR9Urc1vkJugFAykYptwNoYWhQJ+x2sCAwEA\n"
>>>"AaOCAygwggMkMB8GA1UdIwQYMBaAFKPIXmVU5TB4wQXqBwpqWcy5/t5aMB0GA1Ud\n"
>>>"DgQWBBQGXyzHHolmD/seY+LpqVf3ozFmITApBgNVHREEIjAggh5wZ2MuYnJpZGdl\n"
>>>"cGF5bmV0c2VjdXJldGVzdC5jb20wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQG\n"
>>>"CCsGAQUFBwMBBggrBgEFBQcDAjA6BgNVHR8EMzAxMC+gLaArhilodHRwOi8vY2Rw\n"
>>>"LnRoYXd0ZS5jb20vVGhhd3RlUlNBQ0EyMDE4LmNybDBMBgNVHSAERTBDMDcGCWCG\n"
>>>"SAGG/WwBATAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20v\n"
>>>"Q1BTMAgGBmeBDAECAjBvBggrBgEFBQcBAQRjMGEwJAYIKwYBBQUHMAGGGGh0dHA6\n"
>>>"Ly9zdGF0dXMudGhhd3RlLmNvbTA5BggrBgEFBQcwAoYtaHR0cDovL2NhY2VydHMu\n"
>>>"dGhhd3RlLmNvbS9UaGF3dGVSU0FDQTIwMTguY3J0MAkGA1UdEwQCMAAwggGABgor\n"
>>>"BgEEAdZ5AgQCBIIBcASCAWwBagB3AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3\n"
>>>"zQ7IDdwQAAABY7v2qJEAAAQDAEgwRgIhAM5Tsrb1lqzE4D4LtQqmWO9lCH7XzyEb\n"
>>>"2qvqldqmhxoEAiEA2tBlvXiMI0WysQqhF7RUipBF4YMdsyjMVZ9tLv9uyTsAdwCH\n"
>>>"db/nWXz4jEOZX73zbv9WjUdWNv9KtWDBtOr/XqCDDwAAAWO79qk2AAAEAwBIMEYC\n"
>>>"IQDB8ZyF+GuzBzihgkJgUxVcZ4YjntDmyVURrqLp8aycwQIhAPPOCZG8ZwIfY2up\n"
>>>"Y4DjH2QhlRIjE0rsEPUhMEi+EtbeAHYAu9nfvB+KcbWTlCOXqpJ7RzhXlQqrUuga\n"
>>>"kJZkNo4e0YUAAAFju/apgQAABAMARzBFAiEA8Z6N8cb1D6XPsu9fcPIvfjuLDyYJ\n"
>>>"KlpY3GRvVxq+jsMCIE+zdbBSEcc4SkIWTx/vvj8THcaMVX/OKWrqCKVuVHWbMA0G\n"
>>>"CSqGSIb3DQEBCwUAA4IBAQBmQt8QfGKW8/c+o6fZvBAWtwgPnitKgiWvBwIvMlYr\n"
>>>"6teFYkRR0qe+vQBWcHF/ax5VyDFHH/MjZLqCzoR0VJKBz1uNTXDYYgfwrwy9EFPt\n"
>>>"s9bFiZerIZwBHO55HmpWpvmrT6V178gJOFTGppUbwxuwHWan8075Q2MfVZpuP/kw\n"
>>>"0BYJxeFC09tdgz5CiWRJMsAVvYbqr2Dkdrc1IAERQ782qTMbwujCvojpKmIt5w16\n"
>>>"UfUY02ICqQ3XgXU/iwMSb3XpnEvP6BIliMgdyW8wW493dEpbZs1igWSct8U1f5bH\n"
>>>"YVluRgq/O02MQZgmu6tDXFVd9X9NY/TBwtjfiQ35Vmn1\n"
>>>"-----END CERTIFICATE-----\n"
>>>"-----BEGIN CERTIFICATE-----\n"
>>>"MIIEiTCCA3GgAwIBAgIQAlqK7xlvfg1sIQSyGuZwKzANBgkqhkiG9w0BAQsFADBh\n"
>>>"MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\n"
>>>"d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD\n"
>>>"QTAeFw0xNzExMDYxMjIzNTJaFw0yNzExMDYxMjIzNTJaMFwxCzAJBgNVBAYTAlVT\n"
>>>"MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j\n"
>>>"b20xGzAZBgNVBAMTElRoYXd0ZSBSU0EgQ0EgMjAxODCCASIwDQYJKoZIhvcNAQEB\n"
>>>"BQADggEPADCCAQoCggEBAMoIXuVTipccHkMvtoqnVumLhEOorJ16VYJ6FEuGty+P\n"
>>>"Up8cyrEgW2+6It2mnC142ukGCE6+E6bry7s+uQUMPkrh8DIfE071BsVHc4k+gKOL\n"
>>>"8QEkm6OZZpJraK0NLbTNcqL0+ThaZaa0jFPBCBqE+P0u8xF1btxqMSmsDYfMk2B4\n"
>>>"3yW6JlmRxoNSNabKnLgoGs7XHO4Uv3ZcZas4HnnpfMxJIyaiUlBm0Flh/6D+mkwM\n"
>>>"n/nojt4Ji7gVwaQITCacewbb/Yp0W1h+zWOkkS9F8Ho8lAuKfLIFqWeTn2jllWNg\n"
>>>"2FiVX+BV75OnETt85pLYZkTgq72nj82khXhBJFTn2AMCAwEAAaOCAUAwggE8MB0G\n"
>>>"A1UdDgQWBBSjyF5lVOUweMEF6gcKalnMuf7eWjAfBgNVHSMEGDAWgBQD3lA1VtFM\n"
>>>"u2bwo+IbG8OXsj3RVTAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUH\n"
>>>"AwEGCCsGAQUFBwMCMBIGA1UdEwEB/wQIMAYBAf8CAQAwNAYIKwYBBQUHAQEEKDAm\n"
>>>"MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wQgYDVR0fBDsw\n"
>>>"OTA3oDWgM4YxaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0R2xvYmFs\n"
>>>"Um9vdENBLmNybDA9BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYcaHR0\n"
>>>"cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzANBgkqhkiG9w0BAQsFAAOCAQEARE2F\n"
>>>"5d0cgozhZNWokCLfdhhl6mXSOyU3SoPamYcWfLH1CzMwD8a1+pFvwHIQfvlwXFH8\n"
>>>"MrjB3C+jVobNbVWRrgqS3Jsa0ltRH/Ffs6ZTgP4WJYm1SNpUbgR7LWUD2F+PTvKB\n"
>>>"M/gf9eSyqP4OiJslYaa38NU1aVAxZI15o+4xX4RZMqKXIIBTG2V+oPBjQ1oPmHGA\n"
>>>"C/yWt2eThvb8/re7OpSpUdJyfGf97XeM4PiJAl6+4HQXhjwN7ZPZKrQv9Ay33Mgm\n"
>>>"YLVQA+x9HONZXx9vvy8pl9bu+NVYWKGxzGxBK0CBozmVUCeXQPJKPTZleYuNM18p\n"
>>>"U1P8Xh1CDguM+ZEoew==\n"
>>>"-----END CERTIFICATE-----\n"
>>>"-----BEGIN CERTIFICATE-----\n"
>>>"MIIDrzCCApegAwIBAgIQCDvgVpBCRrGhdWrJWZHHSjANBgkqhkiG9w0BAQUFADBh\n"
>>>"MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\n"
>>>"d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD\n"
>>>"QTAeFw0wNjExMTAwMDAwMDBaFw0zMTExMTAwMDAwMDBaMGExCzAJBgNVBAYTAlVT\n"
>>>"MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j\n"
>>>"b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMIIBIjANBgkqhkiG\n"
>>>"9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jvhEXLeqKTTo1eqUKKPC3eQyaKl7hLOllsB\n"
>>>"CSDMAZOnTjC3U/dDxGkAV53ijSLdhwZAAIEJzs4bg7/fzTtxRuLWZscFs3YnFo97\n"
>>>"nh6Vfe63SKMI2tavegw5BmV/Sl0fvBf4q77uKNd0f3p4mVmFaG5cIzJLv07A6Fpt\n"
>>>"43C/dxC//AH2hdmoRBBYMql1GNXRor5H4idq9Joz+EkIYIvUX7Q6hL+hqkpMfT7P\n"
>>>"T19sdl6gSzeRntwi5m3OFBqOasv+zbMUZBfHWymeMr/y7vrTC0LUq7dBMtoM1O/4\n"
>>>"gdW7jVg/tRvoSSiicNoxBN33shbyTApOB6jtSj1etX+jkMOvJwIDAQABo2MwYTAO\n"
>>>"BgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUA95QNVbR\n"
>>>"TLtm8KPiGxvDl7I90VUwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUw\n"
>>>"DQYJKoZIhvcNAQEFBQADggEBAMucN6pIExIK+t1EnE9SsPTfrgT1eXkIoyQY/Esr\n"
>>>"hMAtudXH/vTBH1jLuG2cenTnmCmrEbXjcKChzUyImZOMkXDiqw8cvpOp/2PV5Adg\n"
>>>"06O/nVsJ8dWO41P0jmP6P6fbtGbfYmbW0W5BjfIttep3Sp+dWOIrWcBAI+0tKIJF\n"
>>>"PnlUkiaY4IBIqDfv8NZ5YBberOgOzW6sRBc4L0na4UU+Krk2U886UAb3LujEV0ls\n"
>>>"YSEY1QSteDwsOoBrp+uvFRTp2InBuThs4pFsiv9kuXclVzDAGySj4dzp30d8tbQk\n"
>>>"CAUw7C29C79Fv1C5qfPrmAESrciIxpg0X40KPMbp1ZWVbd4=\n"
>>>"-----END CERTIFICATE-----";
>>>        int bpn_uat_cer_len = strlen(bpn_uat_cer);
>>>        struct lws_context_creation_info info;
>>>        const char *p;
>>>        int n, logs = LLL_USER | LLL_ERR | LLL_WARN | LLL_NOTICE;
>>>
>>>        ads = SERVER_NAME;
>>>        url = SERVER_PATH;
>>>        port = SERVER_PORT;
>>>        options |= 2;
>>>
>>>        memset(&info, 0, sizeof info);
>>>        info.port = CONTEXT_PORT_NO_LISTEN;
>>>        info.protocols = protocols;
>>>        info.client_ssl_ca_mem = (const void *)bpn_uat_cer;
>>>        info.client_ssl_ca_mem_len = bpn_uat_cer_len;
>>>        info.pvo = &pvo;
>>>        info.extensions = extensions;
>>>        info.pt_serv_buf_size = 32 * 1024;
>>>        info.options = LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT |
>>>                       LWS_SERVER_OPTION_VALIDATE_UTF8;
>>>        info.fd_limit_per_thread = 1 + 1 + 1;
>>>
>>>        signal(SIGINT, sigint_handler);
>>>        context = lws_create_context(&info);  /* <------dies here when the client_ssl_ca... fields are set */
>>>        if (!context) {  }
>>>Thanks in advance!
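
Added example, not part of the thread and not libwebsockets code: a stand-alone C helper for the single-cert experiment suggested above. It checks the framing of an in-memory PEM bundle and returns one pointer/length span per certificate, so a single certificate can be tried as client_ssl_ca_mem with its own client_ssl_ca_mem_len; pem_span, pem_bundle_split and sample_bundle are hypothetical names, and the sample data is constructed.

```c
#include <ctype.h>
#include <string.h>

#define PEM_BEGIN "-----BEGIN CERTIFICATE-----"
#define PEM_END   "-----END CERTIFICATE-----"

struct pem_span { const char *start; size_t len; }; /* hypothetical helper type */

/* Bounded substring search: the buffer is not assumed to be NUL-terminated. */
static const char *find(const char *p, const char *end, const char *needle)
{
    size_t n = strlen(needle);
    for (; (size_t)(end - p) >= n; p++)
        if (!memcmp(p, needle, n))
            return p;
    return NULL;
}

/* Returns the number of certificates found, or -1 if the framing is broken. */
int pem_bundle_split(const char *buf, size_t buflen, struct pem_span *out, int max)
{
    const char *p = buf, *end = buf + buflen, *b, *e, *q;
    int count = 0;
    while (p < end) {
        b = find(p, end, PEM_BEGIN);
        for (q = p; q < (b ? b : end); q++) /* only whitespace between blocks */
            if (!isspace((unsigned char)*q))
                return -1;
        if (!b)
            break;
        e = find(b + strlen(PEM_BEGIN), end, PEM_END);
        if (!e || find(b + strlen(PEM_BEGIN), e, PEM_BEGIN))
            return -1; /* missing END, or a new BEGIN before it */
        e += strlen(PEM_END);
        if (count < max)
            out[count] = (struct pem_span){ b, (size_t)(e - b) };
        count++;
        p = e;
    }
    return count;
}

/* Constructed sample with dummy bodies, not real certificates. */
static const char sample_bundle[] =
    "-----BEGIN CERTIFICATE-----\nQUJD\n-----END CERTIFICATE-----\n"
    "-----BEGIN CERTIFICATE-----\nREVG\n-----END CERTIFICATE-----\n";

int main(void)
{
    struct pem_span s[4];
    return pem_bundle_split(sample_bundle, strlen(sample_bundle), s, 4) != 2;
}
```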

