HTTPS server - sslv3 alert certificate unknown

[LeRatierBretonnien]

Hello, I am trying to setup a very simple HTTPS server,with self-signed certificate. I use the following init code :

local http_server = require "http.server"
local app_server = http_server.listen {
    host = "127.0.0.1"
    port = 34000;
    tls = true;    
    onstream = ProcessRequest;
}

ProcessRequest is a simple function that returns a "Hello world".

But when I point my browser to https://127.0.0.1:34000 , I get the following error :

lua_scripts/libraries/lua-http/http/server.lua:184: wrap: starttls: error:0A000416:SSL routines::sslv3 alert certificate unknown        nil

As far as I can see, the TLS ctx is dynamically created in server.lua, and seems OK. What am I doing wrong ? As a side questions, is there a full working example of an HTTPS server somewhere ?

Thanks !

[daurnimator]

But when I point my browser to https://127.0.0.1:34000 , I get the following error :

lua_scripts/libraries/lua-http/http/server.lua:184: wrap: starttls: error:0A000416:SSL routines::sslv3 alert certificate unknown        nil

That's the client refusing the self-signed certificate (as it should).

But indeed there seems to be a bug here in that the error isn't caught in the right place.

[LeRatierBretonnien]

Thanks, yes, of course the client is refusing the certficate, and request a end-user action to accept it, as usual with self-signed certificate.

But it should not break the server anyway : do you have a idea of the fix on the server side ?

Thanks !

[daurnimator]

do you have a idea of the fix on the server side ?

Maybe something like:

app_server:onerror(function(_, context, op, err, errno)
    local msg = op
    if err then
        msg = msg .. ": " .. tostring(err)
    end
    if op == "wrap" then
        -- Just print error rather than throwing
        print(msg)
    else
        error(msg, 2)
    end
end)

[LeRatierBretonnien]

It works, thanks !

[LeRatierBretonnien]

Fixed by comment