[Libwebsockets] http://localhost:2080 is requesting your username and password. the site says: "lwsws"

Andy Green andy at warmcat.com
Sat Sep 26 20:02:56 CEST 2020



On 9/26/20 5:53 PM, necktwi wrote:
> I've upgraded libwebsockets.so to v4.0-stable. now when i run my app which is derived from old libwebsockets-test-server, upon http request from a browser, its asking for http authentication:
> http://localhost:2080 is requesting your username and password. the site says: "lwsws"
> 
> lwsts[11370]: lws_header_table_attach: wsi 0x7fdd60056dc0: ah (nil) (tsi 0, count = 0) in
> lwsts[11370]: _lws_create_ah: created ah 0x7fdd600568b0 (size 4096): pool length 1
> lwsts[11370]: lws_header_table_attach: did attach wsi 0x7fdd60056dc0: ah 0x7fdd600568b0: count 1 (on exit)
> lwsts[11370]: lws_buflist_aware_read: wsi 0x7fdd60056dc0: lws_h1_server_socket_service: ssl_capable_read 314
> lwsts[11370]: lws_handshake_server: parsed count 314
> lwsts[11370]: lws_select_vhost: vhost match to www based on port 2080
> lwsts[11370]: lws_handshake_server: 0x7fdd60056dc0: No upgrade
> lwsts[11370]: Method: 'GET' (0), request for '/'
> lwsts[11370]: lws_add_http_header_content_length: wsi 0x7fdd60056dc0: tx_content_length/remain 0
> lwsts[11370]: lws_issue_raw: ssl_capable_write (87) says 87
> lwsts[11370]: lws_http_transaction_completed: wsi 0x7fdd60056dc0
> lwsts[11370]: __lws_header_table_detach: wsi 0x7fdd60056dc0: ah 0x7fdd600568b0 (tsi=0, count = 1)
> lwsts[11370]: __lws_header_table_detach: nobody usable waiting
> lwsts[11370]: _lws_destroy_ah: freed ah 0x7fdd600568b0 : pool length 0
> lwsts[11370]: __lws_header_table_detach: wsi 0x7fdd60056dc0: ah 0x7fdd600568b0 (tsi=0, count = 0)
> lwsts[11370]: wsi 0x7fdd60056dc0: TIMEDOUT WAITING on 15 (did hdr 0, ah (nil), wl 0)
> lwsts[11370]: __lws_close_free_wsi: 0x7fdd60056dc0: caller: timeout
> lwsts[11370]: __lws_close_free_wsi: shutdown conn: 0x7fdd60056dc0 (sk 15, state 0x119)
> lwsts[11370]: rops_destroy_role_h1: ah det due to close
> 
> 
> any security policies enabled in v4.0-stable? or any other problem?

What's your code doing for init of the "mount" struct if that's what it 
has?  You normally set up http authentication there, per mount... if it 
is not memsetting the struct to zero if creating it, it might have junk 
in the members you are not explicitly setting.

The log just shows a normal response to the GET completing the transaction.

You can also tcpdump the non-encrypted link and see what headers are 
flying about rather than guess.

-Andy


More information about the Libwebsockets mailing list