chesterpolo / mongoose

Automatically exported from code.google.com/p/mongoose
MIT License

SSL Not working #190

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
I have embedded the Mongoose application as a static library in my C++ 
application. With normal http requests it seems to work perfectly, but with 
https I am facing one issue.

mg_set_option(ctx, "ssl_cert", "ssl.crt.pem");
mg_set_option(ctx, "ports", "127.0.0.1:5555,127.0.0.1:5556s");

[1287228395] [error] [client 0.0.0.0] (null): cannot open ssl.crt.pem
[1287228395] [error] [client 0.0.0.0] mg_set_option(ssl_cert): failure

I received that 'cannot open..' error at the following line:

else if (CTX != NULL && SSL_CTX_use_PrivateKey_file(
        CTX, pem, SSL_FILETYPE_PEM) == 0)

But it seems to succeed at this line:
if (CTX != NULL && SSL_CTX_use_certificate_file(
        CTX, pem, SSL_FILETYPE_PEM) == 0)

Not sure whether I need to set the 'ssl.key.pem' file for that. If so please 
let me know how to fix that.

What version of the product are you using? On what operating system?
2.8 Windows XP

Note:

Even though I face that error, both the http and ssl ports enter the listen 
state. But the http request failed with the following error:

An error occurred during a connection to localhost:5556.

Cannot communicate securely with peer: no common encryption algorithm(s).

(Error code: ssl_error_no_cypher_overlap)

Thanks in Advance.

Original issue reported on code.google.com by asharud...@gmail.com on 16 Oct 2010 at 11:34

GoogleCodeExporter commented 9 years ago
Additionally, I have copied libeay32.dll and ssleay32.dll into my bin location, 
but I still face that issue.

Awaiting your response.

Thanks

Original comment by asharud...@gmail.com on 16 Oct 2010 at 11:35

GoogleCodeExporter commented 9 years ago
Your certificate file appears to be invalid.

Original comment by valenok on 16 Oct 2010 at 12:09

GoogleCodeExporter commented 9 years ago
Hi, thanks for your response.

Please note, I have used this certificate for other purposes. It seems to work 
without any issue.

Here, the following function also succeeds with that certificate file:

if (CTX != NULL && SSL_CTX_use_certificate_file(
        CTX, pem, SSL_FILETYPE_PEM) == 0)

Only the SSL_CTX_use_PrivateKey_file function fails.

Is there any way to check this? How can I confirm my certificate file is wrong? 
Or is there any default certificate I can check with?

thanks

Original comment by asharud...@gmail.com on 16 Oct 2010 at 12:24

GoogleCodeExporter commented 9 years ago
Additionally, I have set the preprocessor as 'NO_CGI' and 'NO_SSI'. Not sure 
whether these settings affect the ssl connection. Previously (nearly 2 months 
ago) the ssl connection worked in mongoose with the same ssl certificate file 
without any issue. Not sure what could be the issue.

Thanks..

Original comment by asharud...@gmail.com on 18 Oct 2010 at 12:00

GoogleCodeExporter commented 9 years ago
Hi,

I have created a new certificate file by following the steps from 
(http://www.devx.com/opensource/Article/20085/1763/page/2) and I still face the 
same issue.

Any thoughts?

Original comment by asharud...@gmail.com on 19 Oct 2010 at 6:45

GoogleCodeExporter commented 9 years ago
Hi,
I had similar problems with a self-signed certificate.
I don't really know how everything works, but here are two things that helped me 
solve the problem:
 - remove the pass phrase from the key as mentioned here http://support.kerio.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=508
 - create the .pem file from the merge of the .key and the .crt files as mentioned here http://www.digicert.com/ssl-support/pem-ssl-creation.htm

Hope it helps !
and many thanks for creating mongoose which seems to be really great.

Original comment by francis....@gmail.com on 20 Oct 2010 at 7:05
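
A check for the two fixes listed in the comment above, as an added example that is not part of the original thread or of mongoose. The code quoted earlier in this thread passes the same `pem` file to both SSL_CTX_use_certificate_file and SSL_CTX_use_PrivateKey_file, so the sketch reports whether one file holds a certificate block and a private key block, and whether that key still carries a pass phrase. The function names and the sample PEM text are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* What a combined PEM file (the "ssl_cert" value) contains. */
enum { PEM_HAS_CERT = 1, PEM_HAS_KEY = 2, PEM_KEY_ENCRYPTED = 4 };

/* Walk the PEM text line by line and record which blocks are present. */
static int pem_scan(const char *text) {
    int flags = 0, in_key = 0;
    while (*text != '\0') {
        char line[128];
        size_t len = strcspn(text, "\r\n");
        size_t n = len < sizeof(line) - 1 ? len : sizeof(line) - 1;
        memcpy(line, text, n);
        line[n] = '\0';
        text += len + strspn(text + len, "\r\n");
        if (strcmp(line, "-----BEGIN CERTIFICATE-----") == 0) {
            flags |= PEM_HAS_CERT;
        } else if (strncmp(line, "-----BEGIN ", 11) == 0 &&
                   strstr(line, "PRIVATE KEY-----") != NULL) {
            flags |= PEM_HAS_KEY;  /* RSA, EC or PKCS#8 key block */
            in_key = 1;
            if (strstr(line, "ENCRYPTED")) flags |= PEM_KEY_ENCRYPTED;
        } else if (strncmp(line, "-----END ", 9) == 0) {
            in_key = 0;
        } else if (in_key && strncmp(line, "Proc-Type:", 10) == 0 &&
                   strstr(line, "ENCRYPTED") != NULL) {
            flags |= PEM_KEY_ENCRYPTED;  /* traditional pass-phrase header */
        }
    }
    return flags;
}
/* Verdict for a scan result. */
static const char *pem_verdict(int flags) {
    if (!(flags & PEM_HAS_CERT)) return "no certificate block";
    if (!(flags & PEM_HAS_KEY)) return "no private key block";
    if (flags & PEM_KEY_ENCRYPTED) return "private key is pass-phrase protected";
    return "certificate and unencrypted key present";
}
/* Constructed samples; "AAAA" stands in for the base64 body. */
static const char CERT_ONLY[] = "-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n";
static const char ENC_KEY[] = "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
    "DEK-Info: DES-EDE3-CBC,0000000000000000\n\nAAAA\n-----END RSA PRIVATE KEY-----\n"
    "-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n";

int main(void) {
    printf("cert only: %s\n", pem_verdict(pem_scan(CERT_ONLY)));
    printf("encrypted key: %s\n", pem_verdict(pem_scan(ENC_KEY)));
    return 0;
}
```

A file like the constructed CERT_ONLY sample matches the symptom reported at the top of the thread: the certificate call succeeds and the private key call fails on the same file.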

GoogleCodeExporter commented 9 years ago
hi,

Thanks for your reply. 

I have followed the instructions from the 
http://stackoverflow.com/questions/991758/openssl-pem-key link and made ssl 
work.

I have another query...

Currently, if SSL is enabled, both the http and https ports are in the listen 
state. But now I want to allow only https connections. Is there an option in 
mongoose to redirect the http requests to the https port, so that a request coming to 

http://machineName:5555 will redirect to https://machineName:5556

In future, if there is any issue with the SSL connection, I can simply comment out 
the redirection so that the default http request will work.

Is there any way?

Thanks for your replies..

Original comment by asharud...@gmail.com on 21 Oct 2010 at 7:28

GoogleCodeExporter commented 9 years ago
Start two mongoose processes. For non-https, create an index.html page like 
this:

<html>
<META HTTP-EQUIV="Refresh" content= "0;URL=https://.....">
</html>

Original comment by valenok on 29 Nov 2010 at 1:20
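
The same http-to-https move expressed as an HTTP 301 response instead of a meta refresh page, as an added example that is not part of the original comment and does not use mongoose's API. It swaps in a different technique from the one suggested above: the response is built from the request's Host header and path, both validated before being reflected into the Location header. The function name and the request values are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Build a 301 response that moves a plain-HTTP request to the HTTPS listener.
 * host_header is the request's Host value (optionally "name:port"), uri the
 * request path. Returns the response length, or -1 if the input is unsafe
 * to reflect or the result does not fit in out. */
static int build_https_redirect(const char *host_header, const char *uri,
                                int https_port, char *out, size_t out_len) {
    static const char host_chars[] =
        "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-";
    size_t host_len = strspn(host_header, host_chars);
    const char *rest = host_header + host_len;
    int n;

    /* Host is client-controlled: accept only "name" or "name:digits". */
    if (host_len == 0)
        return -1;
    if (*rest == ':')
        rest += 1 + strspn(rest + 1, "0123456789");
    if (*rest != '\0')
        return -1;
    /* CR or LF in the path would let a request inject extra response headers. */
    if (uri[0] != '/' || strpbrk(uri, "\r\n") != NULL)
        return -1;

    n = snprintf(out, out_len,
                 "HTTP/1.1 301 Moved Permanently\r\n"
                 "Location: https://%.*s:%d%s\r\n"
                 "Content-Length: 0\r\n\r\n",
                 (int)host_len, host_header, https_port, uri);
    return (n < 0 || (size_t)n >= out_len) ? -1 : n;
}

int main(void) {
    char buf[256];
    /* Constructed request values using the ports from the question above. */
    if (build_https_redirect("machineName:5555", "/index.html", 5556,
                             buf, sizeof(buf)) > 0)
        fputs(buf, stdout);
    return 0;
}
```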

GoogleCodeExporter commented 9 years ago
Thanks, I will try.

Original comment by asharud...@gmail.com on 29 Nov 2010 at 5:24