Closed pblemel closed 5 years ago
I apologize for the font weirdness. I'm not sure how to escape program output to prevent that.
Thanks, Peter
The markdown wants three backticks before and after to show it as pre... I edited it in.
First check with native ldd (or objdump) on the target lws library / test app binary binds to the native openssl as you expect. Check the path is where you think you put the latest versions on the target.
Check timestamps / sha1sum on target + crossbuild machine that the files on the target are the latest ones you built.
If you build with -DCMAKE_BUILD_TYPE=DEBUG, you can run with -d1039 or so to see more verbose INFO logs.
> First check with native ldd (or objdump) on the target lws library / test app binary binds to the native openssl as you expect. Check the path is where you think you put the latest versions on the target.
# ldd bin/libwebsockets-test-server
./bin/libwebsockets-test-server:
libwebsockets.so.13 => /fs/emmc/lib/libwebsockets.so (0x78000000)
libz.so.2 => /fs/emmc/usr/lib/libz.so.2 (0x78030000)
libssl.so.2 => /fs/emmc/usr/lib/libssl.so.2 (0x78050000)
libcrypto.so.2 => /fs/emmc/usr/lib/libcrypto.so.2 (0x78100000)
libsocket.so.3 => /proc/boot/libsocket.so.3 (0x78090000)
libm.so.2 => /proc/boot/libm.so.2 (0x780c0000)
libc.so.3 => /usr/lib/ldqnx.so.2 (0x1000000)
# ldd lib/libwebsockets.so*
./lib/libwebsockets.so:
libwebsockets.so.13 => /mnt/tmp/lws-epic-root/lib/libwebsockets.so.13 (0x78000000)
libz.so.2 => /fs/emmc/usr/lib/libz.so.2 (0x78030000)
libssl.so.2 => /fs/emmc/usr/lib/libssl.so.2 (0x78050000)
libcrypto.so.2 => /fs/emmc/usr/lib/libcrypto.so.2 (0x78100000)
libsocket.so.3 => /proc/boot/libsocket.so.3 (0x78090000)
libm.so.2 => /proc/boot/libm.so.2 (0x780c0000)
./lib/libwebsockets.so.13:
libwebsockets.so.13 => /mnt/tmp/lws-epic-root/lib/libwebsockets.so.13 (0x78000000)
libz.so.2 => /fs/emmc/usr/lib/libz.so.2 (0x78030000)
libssl.so.2 => /fs/emmc/usr/lib/libssl.so.2 (0x78050000)
libcrypto.so.2 => /fs/emmc/usr/lib/libcrypto.so.2 (0x78100000)
libsocket.so.3 => /proc/boot/libsocket.so.3 (0x78090000)
libm.so.2 => /proc/boot/libm.so.2 (0x780c0000)
These appear to be correct.
On host
make clean ; make -DCMAKE_BUILD_TYPE=DEBUG ; make install
On target
# ls -l bin
total 6580
-rwxr-xr-x 1 1001 300 682116 Sep 08 14:18 libwebsockets-test-client
-rwxr-xr-x 1 1001 300 658380 Sep 08 14:18 libwebsockets-test-fuzxy
-rwxr-xr-x 1 1001 300 623080 Sep 08 14:18 libwebsockets-test-lejp
-rwxr-xr-x 1 1001 300 701759 Sep 08 14:18 libwebsockets-test-server
-rwxr-xr-x 1 1001 300 702898 Sep 08 14:18 libwebsockets-test-server-extpoll
The timestamps match up
```
[2018/09/08 14:29:41:8970] NOTICE: libwebsockets test server - license LGPL2.1+SLE
[2018/09/08 14:29:41:9000] NOTICE: (C) Copyright 2010-2018 Andy Green andy@warmcat.com
Using resource path "/mnt/tmp/lib/lws-cross-root/share/libwebsockets-test-server"
[2018/09/08 14:29:41:9110] NOTICE: Creating Vhost 'default' port 7681, 5 protocols, IPv6 off
[2018/09/08 14:29:41:9200] INFO: LWS_CALLBACK_EVENT_WAIT_CANCELLED
[2018/09/08 14:29:46:3270] INFO: LWS_CALLBACK_EVENT_WAIT_CANCELLED
[2018/09/08 14:29:46:3350] NOTICE: forbidding on uri sanitation
[2018/09/08 14:29:46:3400] INFO: LWS_CALLBACK_EVENT_WAIT_CANCELLED
[2018/09/08 14:29:46:3410] NOTICE: forbidding on uri sanitation
```
Edited after re-cmake'ing.
Thanks for taking a look :-)
Peter
> make clean ; make -DCMAKE_BUILD_TYPE=DEBUG ; make install
No... that's an argument to cmake. You can set() it (without the -D) in the cmake cross file then redo the build process.
> ./bin/libwebsockets-test-server:
> libwebsockets.so.13 => /fs/emmc/lib/libwebsockets.so (0x78000000)
> # ldd lib/libwebsockets.so*
> ./lib/libwebsockets.so:
> libwebsockets.so.13 => /mnt/tmp/lws-epic-root/lib/libwebsockets.so.13 (0x78000000)
These paths differ? How come the .so includes itself in the ldd list, is that a qnx thing? The .so should be a symlink to .so.13 no need to list both.
Good catch :-) There was indeed a conflicting libwebsockets.so on the target, even though the library is not in the host tool chain or in the QNX distro as far as I can tell. There must have been a previous attempt to port to this target in the past.
I am now getting a different failure, that I have not yet had time to check the various README's to resolve :+1:
# ./bin/libwebsockets-test-server --ssl -d1039
[2000/01/01 20:22:25:1360] NOTICE: libwebsockets test server - license LGPL2.1+SLE
[2000/01/01 20:22:25:1380] NOTICE: (C) Copyright 2010-2018 Andy Green <andy@warmcat.com>
Using resource path "/mnt/tmp/lib/lws-cross-root/share/libwebsockets-test-server"
[2000/01/01 20:22:25:1390] INFO: Initial logging level 1039
[2000/01/01 20:22:25:1400] INFO: Libwebsockets version: 3.0.99 unknown-build-hash
[2000/01/01 20:22:25:1410] INFO: Compiled with
[2000/01/01 20:22:25:1420] INFO: IPV6 not compiled in
[2000/01/01 20:22:25:1430] INFO: LWS_DEF_HEADER_LEN : 4096
[2000/01/01 20:22:25:1440] INFO: LWS_MAX_PROTOCOLS : 5
[2000/01/01 20:22:25:1440] INFO: LWS_MAX_SMP : 1
[2000/01/01 20:22:25:1450] INFO: sizeof (*info) : 296
[2000/01/01 20:22:25:1460] INFO: SYSTEM_RANDOM_FILEPATH: '/dev/urandom'
[2000/01/01 20:22:25:1470] INFO: HTTP2 support : available
[2000/01/01 20:22:25:1480] INFO: Using event loop: poll
[2000/01/01 20:22:25:1490] INFO: Default ALPN advertisment: h2,http/1.1
[2000/01/01 20:22:25:1500] INFO: default timeout (secs): 5
[2000/01/01 20:22:25:1530] INFO: Threads: 1 each 1000 fds
[2000/01/01 20:22:25:1540] INFO: mem: context: 4728 B (632 ctx + (1 thr x 4096))
[2000/01/01 20:22:25:1550] INFO: mem: http hdr rsvd: 5032000 B (1 thr x (4096 + 936) x 1000))
[2000/01/01 20:22:25:1560] INFO: mem: pollfd map: 8000
[2000/01/01 20:22:25:1570] INFO: mem: platform fd map: 4000 bytes
[2000/01/01 20:22:25:1590] INFO: Compiled with OpenSSL support
[2000/01/01 20:22:25:1600] INFO: Doing SSL library init
[2000/01/01 20:22:25:2150] INFO: LWS_MAX_EXTENSIONS_ACTIVE: 1
[2000/01/01 20:22:25:2160] INFO: mem: per-conn: 360 bytes + protocol rx buf
[2000/01/01 20:22:25:2170] INFO: canonical_hostname = cigm_10
[2000/01/01 20:22:25:2180] INFO: lws_cancel_service
[2000/01/01 20:22:25:2190] NOTICE: Creating Vhost 'default' port 7681, 5 protocols, IPv6 off
[2000/01/01 20:22:25:2200] INFO: mounting file:///mnt/tmp/lib/lws-cross-root/share/libwebsockets-test-server to /
[2000/01/01 20:22:25:2210] INFO: mounting callback://protocol-post-demo to /formtest
[2000/01/01 20:22:25:2220] INFO: mounting file:///mnt/tmp/lib/lws-cross-root/share/libwebsockets-test-server/candide.zip to /ziptest
[2000/01/01 20:22:25:2230] NOTICE: SSL ciphers: 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4:!HMAC_SHA1:!SHA1:!DHE-RSA-AES128-GCM-SHA256:!DHE-RSA-AES128-SHA256:!AES128-GCM-SH...
[2000/01/01 20:22:25:2250] NOTICE: Using SSL mode
[2000/01/01 20:22:25:2550] INFO: SSL options 0x13520004
[2000/01/01 20:22:25:2740] ERR: problem getting cert '/mnt/tmp/lib/lws-cross-root/share/libwebsockets-test-server/libwebsockets-test-server.pem' 33558530: error:02001002:lib(2):func(1):reason(2)
[2000/01/01 20:22:25:2760] ERR: lws_create_vhost: lws_context_init_server_ssl failed
[2000/01/01 20:22:25:2770] INFO: lws_vhost_destroy1
[2000/01/01 20:22:25:2780] INFO: __lws_vhost_destroy2: 8057620
[2000/01/01 20:22:25:2840] INFO: __lws_vhost_destroy2: Freeing vhost 8057620
[2000/01/01 20:22:25:2850] ERR: vhost creation failed
This one appears to be on me. There's a typo in the path (related to the other issue I posted re: resource path). I'll fix it and let you know how it goes.
Thanks for your help.
Peter
> 2000/01/01 20:22:25:2740] ERR: problem getting cert '/mnt/tmp/lib/lws-cross-root/share/libwebsockets-test-server/libwebsockets-test-server.pem' 33558530: error:02001002:lib(2):func(1):reason(2)
That path presumably doesn't exist.
When you correct it (just hack the correct path in or whatever) your next problem is the date is garbage, the cert will be rejected since its starting validity date is in the future.
> When you correct it (just hack the correct path in or whatever) your next problem is the date is garbage, the cert will be rejected since its starting validity date is in the future.
Yes, I rebooted the target after removing the conflicting shared lib. The target isn't configured to pick up NTP, and I need to manually set the date/time.
It looks like my next step is updating openssl. The version shipped with QNX gives LWS grief.
# ./bin/libwebsockets-test-server --ssl -d1039
[2018/09/08 14:24:35:0500] NOTICE: libwebsockets test server - license LGPL2.1+SLE
[2018/09/08 14:24:35:0510] NOTICE: (C) Copyright 2010-2018 Andy Green <andy@warmcat.com>
Using resource path "/mnt/tmp/lws-epic-root/share/libwebsockets-test-server"
[2018/09/08 14:24:35:0530] INFO: Initial logging level 1039
[2018/09/08 14:24:35:0540] INFO: Libwebsockets version: 3.0.99 unknown-build-hash
[2018/09/08 14:24:35:0550] INFO: Compiled with
[2018/09/08 14:24:35:0550] INFO: IPV6 not compiled in
[2018/09/08 14:24:35:0560] INFO: LWS_DEF_HEADER_LEN : 4096
[2018/09/08 14:24:35:0570] INFO: LWS_MAX_PROTOCOLS : 5
[2018/09/08 14:24:35:0580] INFO: LWS_MAX_SMP : 1
[2018/09/08 14:24:35:0590] INFO: sizeof (*info) : 296
[2018/09/08 14:24:35:0600] INFO: SYSTEM_RANDOM_FILEPATH: '/dev/urandom'
[2018/09/08 14:24:35:0610] INFO: HTTP2 support : available
[2018/09/08 14:24:35:0620] INFO: Using event loop: poll
[2018/09/08 14:24:35:0630] INFO: Default ALPN advertisment: h2,http/1.1
[2018/09/08 14:24:35:0640] INFO: default timeout (secs): 5
[2018/09/08 14:24:35:0670] INFO: Threads: 1 each 1000 fds
[2018/09/08 14:24:35:0680] INFO: mem: context: 4728 B (632 ctx + (1 thr x 4096))
[2018/09/08 14:24:35:0690] INFO: mem: http hdr rsvd: 5032000 B (1 thr x (4096 + 936) x 1000))
[2018/09/08 14:24:35:0700] INFO: mem: pollfd map: 8000
[2018/09/08 14:24:35:0710] INFO: mem: platform fd map: 4000 bytes
[2018/09/08 14:24:35:0730] INFO: Compiled with OpenSSL support
[2018/09/08 14:24:35:0740] INFO: Doing SSL library init
[2018/09/08 14:24:35:1290] INFO: LWS_MAX_EXTENSIONS_ACTIVE: 1
[2018/09/08 14:24:35:1310] INFO: mem: per-conn: 360 bytes + protocol rx buf
[2018/09/08 14:24:35:1320] INFO: canonical_hostname = cigm_10
[2018/09/08 14:24:35:1330] INFO: lws_cancel_service
[2018/09/08 14:24:35:1340] NOTICE: Creating Vhost 'default' port 7681, 5 protocols, IPv6 off
[2018/09/08 14:24:35:1350] INFO: mounting file:///mnt/tmp/lws-epic-root/share/libwebsockets-test-server to /
[2018/09/08 14:24:35:1360] INFO: mounting callback://protocol-post-demo to /formtest
[2018/09/08 14:24:35:1370] INFO: mounting file:///mnt/tmp/lws-epic-root/share/libwebsockets-test-server/candide.zip to /ziptest
[2018/09/08 14:24:35:1380] NOTICE: SSL ciphers: 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4:!HMAC_SHA1:!SHA1:!DHE-RSA-AES128-GCM-SHA256:!DHE-RSA-AES128-SHA256:!AES128-GCM-SH...
[2018/09/08 14:24:35:1390] NOTICE: Using SSL mode
[2018/09/08 14:24:35:1690] INFO: SSL options 0x13520004
[2018/09/08 14:24:35:3200] NOTICE: SSL ECDH curve 'prime256v1'
[2018/09/08 14:24:35:3210] ERR: HTTP2 / ALPN configured but not supported by OpenSSL 0x1000103f
[2018/09/08 14:24:35:3270] NOTICE: lws_tls_client_create_vhost_context: doing cert filepath /mnt/tmp/lws-epic-root/share/libwebsockets-test-server/libwebsockets-test-server.pem
[2018/09/08 14:24:35:3310] NOTICE: Loaded client cert /mnt/tmp/lws-epic-root/share/libwebsockets-test-server/libwebsockets-test-server.pem
[2018/09/08 14:24:35:3330] NOTICE: lws_tls_client_create_vhost_context: doing private key filepath
[2018/09/08 14:24:35:3350] NOTICE: Loaded client cert private key /mnt/tmp/lws-epic-root/share/libwebsockets-test-server/libwebsockets-test-server.key.pem
[2018/09/08 14:24:35:3370] NOTICE: created client ssl context for default
[2018/09/08 14:24:35:3390] INFO: lws_vhost_bind_wsi: vh default: count_bound_wsi 1
[2018/09/08 14:24:35:3400] INFO: lws_protocol_init
[2018/09/08 14:24:35:3410] NOTICE: openssl is too old to support lws_tls_vhost_cert_info
[2018/09/08 14:24:35:3420] INFO: LWS_CALLBACK_EVENT_WAIT_CANCELLED
[2018/09/08 14:24:38:5830] INFO: lws_vhost_bind_wsi: vh default: count_bound_wsi 2
Process 294938 (libwebsockets-test-server) terminated SIGSEGV code=1 fltno=11 ip=0106dc60(/usr/lib/ldqnx.so.2@__generic_strlen+0x0) mapaddr=0006dc60. ref=00000000
Thanks for all your help! Peter
Follow up (and potentially new issue) :
The segmentation violation
Process 294938 (libwebsockets-test-server) terminated SIGSEGV code=1 fltno=11 ip=0106dc60(/usr/lib/ldqnx.so.2@__generic_strlen+0x0) mapaddr=0006dc60. ref=00000000
is caused by enabling the extra debug level that you suggested. If I run the binary without it (i.e. not specifying -d), clients connect and the test.html page works as expected.
# ./bin/libwebsockets-test-server --ssl
[2018/09/08 16:36:05:8287] NOTICE: libwebsockets test server - license LGPL2.1+SLE
[2018/09/08 16:36:05:8307] NOTICE: (C) Copyright 2010-2018 Andy Green <andy@warmcat.com>
Using resource path "/mnt/tmp/lws-epic-root/share/libwebsockets-test-server"
[2018/09/08 16:36:05:8887] NOTICE: Creating Vhost 'default' port 7681, 5 protocols, IPv6 off
[2018/09/08 16:36:05:8897] NOTICE: SSL ciphers: 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4:!HMAC_SHA1:!SHA1:!DHE-RSA-AES128-GCM-SHA256:!DHE-RSA-AES128-SHA256:!AES128-GCM-SH...
[2018/09/08 16:36:05:8917] NOTICE: Using SSL mode
[2018/09/08 16:36:06:0117] NOTICE: SSL ECDH curve 'prime256v1'
[2018/09/08 16:36:06:0127] ERR: HTTP2 / ALPN configured but not supported by OpenSSL 0x1000103f
[2018/09/08 16:36:06:0207] NOTICE: lws_tls_client_create_vhost_context: doing cert filepath /mnt/tmp/lws-epic-root/share/libwebsockets-test-server/libwebsockets-test-server.pem
[2018/09/08 16:36:06:0247] NOTICE: Loaded client cert /mnt/tmp/lws-epic-root/share/libwebsockets-test-server/libwebsockets-test-server.pem
[2018/09/08 16:36:06:0267] NOTICE: lws_tls_client_create_vhost_context: doing private key filepath
[2018/09/08 16:36:06:0297] NOTICE: Loaded client cert private key /mnt/tmp/lws-epic-root/share/libwebsockets-test-server/libwebsockets-test-server.key.pem
[2018/09/08 16:36:06:0307] NOTICE: created client ssl context for default
[2018/09/08 16:36:06:0327] NOTICE: openssl is too old to support lws_tls_vhost_cert_info
[2018/09/08 16:36:12:8007] NOTICE: callback_lws_mirror: mirror name ''
[2018/09/08 16:36:12:8027] NOTICE: Created new mi 80632f0 ''
Unfortunately, debugging the code on this target is a little bit problematic for me at the moment so I can't give you a traceback to where it crashes.
Anyway, the long and short of it is that I have a working test-server and know that things work on this target. Now I can get on to the main monkey business of my app :).
Thanks again, Peter
Hi, Andy. I wonder if there is any way to set the minimum TLS version when using OpenSSL as the TLS backend library without editing the source code at line 547 of
lib/tls/openssl/openssl-server.c
I found a CONFIG_MBEDTLS_SSL_PROTO_TLS1_2 macro in sdkconfig.h but can't find the equivalent for the OpenSSL version.
Thanks, Thistle
https://wiki.openssl.org/index.php/List_of_SSL_OP_Flags
https://libwebsockets.org/git/libwebsockets/tree/include/libwebsockets/lws-context-vhost.h#n523-526
Thanks, and sorry to ask a silly question.
Hi,
The symptom is that libwebsockets-test-server does not use SSL on QNX Neutrino 6 when started with ssl. Firefox/chrome each report errors when attempting to access https://172.23.93.35:7681/ ('172.23.93.35 sent an invalid response', and 'An error occurred during a connection to 172.23.93.35:7681. SSL received a record that exceeded the maximum permissible length. Error code: SSL_ERROR_RX_RECORD_TOO_LONG').
I've read through the docs and issues enough to know that this is almost certainly a mis-configuration, however I don't see what I missed :-/.
My configuration (in file cross-qnx-cmake) is:
'make' builds everything without errors (output omitted)
./bin/libwebsockets-test-server --ssl
[2000/01/01 19:02:15:8020] NOTICE: libwebsockets test server - license LGPL2.1+SLE
[2000/01/01 19:02:15:8050] NOTICE: (C) Copyright 2010-2018 Andy Green andy@warmcat.com
When a browser/client connects in HTTP everything works. When using https://172.23.93.35:7681 :
Using resource path "/tmp/lws-cross-root/share/libwebsockets-test-server"
[2000/01/01 19:02:15:8160] NOTICE: Creating Vhost 'default' port 7681, 5 protocols, IPv6 off
[2000/01/01 19:02:20:4650] NOTICE: forbidding on uri sanitation
[2000/01/01 19:02:20:4710] NOTICE: forbidding on uri sanitation
Thanks in advance! Peter