Forum

an HTTPS error

kyle
12 March 2007, 06:50
Hello,

When I try to use Hiawatha's HTTPS, the error code SSL_ERROR_SSL is returned. Could you help me find the reason?
I use Linux (kernel 2.6) and my OpenSSL version is 0.9.8a. I generated the serverkey.pem file with the mkcert script and put it in the config directory, i.e. /usr/local/etc/hiawatha.
Here is my httpd.conf binding setting:
Binding {
Port = 443
UseSSL = yes
}

I try to use "https://192.168.0.1" to visit the web page with IE6, IE7 and Firefox. At that point the error message "SSL_ERROR_SSL" is printed by the web server and the connection is broken.
I checked the source code of Hiawatha. The error code is returned by the function SSL_accept(), which is from the OpenSSL library.
Is there anything else I need to configure, or am I doing something wrong?

-Kyle
Kyle
12 March 2007, 06:51
# hiawatha -v
Hiawatha v5.5, SSL, cache
Hugo Leisink
12 March 2007, 10:54
I assume you've included a "ServerKey = /usr/local/etc/hiawatha/serverkey.pem" in httpd.conf?

I see you're using Hiawatha 5.5. Version 5.7 is available. Can you try that one please? The SSL routines have been improved a little in the latest release.

Can you tell me what Linux distribution you are using? I've heard this problem before. There seems to be a problem in OpenSSL 0.9.8.
Guest
13 March 2007, 07:47
Thanks for your response.
Yes, I have a ServerKey = ... in my httpd.conf.
I want to use the Hiawatha webserver in my embedded Linux system. I downloaded and tried version 5.7 of Hiawatha, and the same error was returned. As HTTP works well in my system, I think maybe my embedded environment can't support OpenSSL well.
If I find a solution, I'll let you know.
Kyle
23 March 2007, 04:59
I found the reason for the failure: the libcrypto RAND utility requires either a working /dev/random (which is not supported in HiveAP) or a random seed. My box does not have /dev/random, so I changed some code in “hiawatha.c”. This code will init a rand seed for libcrypto.
Now it all works OK.
Thanks
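The condition described in the post above (a box with no working /dev/random) can be detected at startup so that HTTPS is refused instead of run with an unseeded generator. The following is an added example, not part of the thread and not Hiawatha's code; `check_entropy_device` and the `ENT_*` values are hypothetical names, and it uses only POSIX calls, not libcrypto.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical result codes for this example. */
enum entropy_status { ENT_OK = 0, ENT_MISSING, ENT_NOT_CHARDEV, ENT_UNREADABLE };

/* ENT_OK only if `path` is a character device that delivers `want` bytes
 * (capped at 64) without blocking. */
enum entropy_status check_entropy_device(const char *path, size_t want)
{
    unsigned char buf[64];
    struct stat st;
    size_t got = 0;
    int fd = open(path, O_RDONLY | O_NONBLOCK | O_NOCTTY);

    if (fd == -1)
        return errno == ENOENT ? ENT_MISSING : ENT_UNREADABLE;
    if (want > sizeof(buf))
        want = sizeof(buf);
    /* fstat() on the open descriptor: a regular file named like the
     * device (or a failed stat) must not count as an entropy source. */
    if (fstat(fd, &st) == -1 || !S_ISCHR(st.st_mode)) {
        close(fd);
        return ENT_NOT_CHARDEV;
    }
    while (got < want) {
        ssize_t n = read(fd, buf + got, want - got);
        if (n > 0) { got += (size_t)n; continue; }
        if (n == -1 && errno == EINTR) continue;
        break; /* EOF, EAGAIN (pool empty) or a hard error */
    }
    close(fd);
    return got == want ? ENT_OK : ENT_UNREADABLE;
}

int main(void)
{
    static const char *devices[] = { "/dev/urandom", "/dev/random" };
    static const char *names[] = { "ok", "missing", "not a character device",
                                   "unreadable or empty" };
    int usable = 0;
    for (size_t i = 0; i < 2; i++) {
        enum entropy_status s = check_entropy_device(devices[i], 32);
        printf("%-13s %s\n", devices[i], names[s]);
        usable |= (s == ENT_OK);
    }
    return usable ? 0 : 1; /* non-zero: do not enable HTTPS on this box */
}
```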
Hugo Leisink
23 March 2007, 10:18
Can you please share that extra code with me?
Kyle
23 March 2007, 18:33
OK.

*** D:\hiawatha-5.7\hiawatha.c 2007-03-03 15:28:02.000000000 +-0800
--- Z:\websrv\hiawatha.c 2007-03-24 00:28:00.000000000 +-0800
***************
*** 75,84 ****
--- 75,87 ----

volatile int received_signal = rs_NONE;
char *hs_conlen = "Content-Length: ";
char *fb_filesystem = "access denied via filesystem";
char *fb_symlink = "symlink not allowed";
char *fb_accesslist = "access denied via accesslist";
+ static const char rnd_seed[] = "string to make the random number generator think it has entropy";
char *version_string = "Hiawatha v"VERSION


#ifdef HAVE_SSL
", SSL"
#endif
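Review bot: the added `rnd_seed` string is a compile-time constant, identical in every binary built from this source, so it carries no entropy and anyone with the source knows the seed. It is also declared outside the `#ifdef HAVE_SSL` guard that this same hunk shows around the SSL part of `version_string`, so builds without SSL carry an unused static. Suggest dropping the constant and taking seed material from a per-device source instead, for example a seed file persisted across reboots.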
***************
*** 1097,1108 ****
--- 1100,1112 ----
signal(SIGCHLD, SIG_IGN);
signal(SIGTSTP, SIG_IGN);
signal(SIGABRT, SIG_IGN);
signal(SIGQUIT, SIG_IGN);
signal(SIGSEGV, SEGV_handler);

+ RAND_seed(rnd_seed, sizeof(rnd_seed));
config = default_config();
if (chdir(settings->config_dir) == -1) {
perror(settings->config_dir);
return EXIT_FAILURE;
} else if (settings->config_check) {
printf("Using %s\n", settings->config_dir);
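Review bot: `RAND_seed(rnd_seed, sizeof(rnd_seed));` after the signal setup makes libcrypto treat the generator as seeded when its only supplied input is a fixed, public string, so the SSL_accept() error goes away but the key material generated for HTTPS sessions becomes predictable. The call is also unconditional: there is no `#ifdef HAVE_SSL` around it, so a build without SSL would still reference libcrypto. Suggest guarding it with HAVE_SSL, replacing the constant with real entropy (`RAND_load_file()` on a saved seed file that is refreshed with `RAND_write_file()`, or a hardware source), and refusing to enable HTTPS when `RAND_status()` reports that the generator is not seeded.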
This topic has been closed.