Re: Error with SSL certificates and SSL Filter

Tue, 24 May 2011 04:09:32 -0700 

Hi Markus,
I tried your example and the result was the same error. I thought that there was a problem with the server because even with your script I didn't see any screen on the server to accept the certificate. 


My problem is that the browser enters in a infinite loop after the page 
request. And no page related to any certificate is shown. I am usgin 
Firfox 3.0.17 and the certificate with apache went fine, the screen 
appeared and I could accept the certificate.


Does It make sense?  Do I forgot something, maybe a parameter of the filter?

Regards and thank you for the help.

Dario.

On 24/05/11 12:35, Markus Müller wrote:

Hi Dario,


I am also using untrusted certificates. There is no issue on server at 
all for that, only on client side. You have to accept the certificate 
in the browser, the server don't do anything about that. I just don't 
understand why you think it could be anything about untrusted 
certificates... Everything I mentioned is that in my test the message 
only occures if I connect with a browser which aborts the connection 
cause the certificate is not accepted by the client (= the browser).



What exactly is your problem? Maybe your browser don't allow untrusted 
certificates from a proxy server?



Did you try my example? It makes a https server and not a https proxy. 
Please try if http server works, maybe you just have a problem in your 
browser about poxying and untrusted certificates.


Regards,
Markus Mueller



You are right Markus, I am using a unstrusted certificate. Is there 
any way to use the SSL filter with untrusted certificates? I know 
other libs like LWP can deal with them.



If this is a TODO or a bug I can help you fixing this on the POE SSL 
Filter code :)


Regards,

Dario.

On 24/05/11 11:35, Andy Jenkinson wrote:

When doing something similar, I seem to remember I got this error 
when attempting to connect via HTTP too. I could be making that up 
though.


Cheers,
Andy

On 24 May 2011, at 10:07, Markus Müller wrote:


Hello everyone,

I've tried the following program and it works under Debian Squeeze.


The message "POE::Filter::SSL: UNEXPECTED ERROR: ERR1:0 ERR2:1 
HINT: Check if you have configured a CRT and KEY file, and that 
both are readable at /usr/share/perl5/POE/Wheel/ReadWrite.pm line 
280" occures in my test only if the browser aborts the connection 
during SSL handshake because the certificate is untrusted. In any 
other case I can see the data the server is returning.


Dieser Verbindung wird nicht vertraut


Sie haben Firefox angewiesen, eine gesicherte Verbindung zu 
saytest.priv.de:82 aufzubauen, es kann aber nicht überprüft werden, 
ob die Verbindung sicher ist. Wenn Sie normalerweise eine 
gesicherte Verbindung aufbauen, weist sich die Website mit einer 
vertrauenswürdigen Identifikation aus, um zu garantieren, dass Sie 
die richtige Website besuchen. Die Identifikation dieser Website 
dagegen kann nicht bestätigt werden.


Was sollte ich tun?


Falls Sie für gewöhnlich keine Probleme mit dieser Website haben, 
könnte dieser Fehler bedeuten, dass jemand die Website fälscht. Sie 
sollten in dem Fall nicht fortfahren.


Much regards,
Markus Mueller

#!perl

use strict;
use warnings;
use Socket;
use POE qw(
   Wheel::SocketFactory
   Wheel::ReadWrite
   Driver::SysRW
   Filter::SSL
   Filter::Stackable
   Filter::HTTPD
   Component::Server::TCP
);
POE::Component::Server::TCP->new(
    Alias        =>  "web_server",
    Port         =>  82,

    #ClientFilter =>  'POE::Filter::HTTPD', ##WITHOUT HTTPD FILTER 
THERE ISN'T HTTP HEADERS!!!

    ClientFilter =>  POE::Filter::Stackable->new(
        Filters =>  [

            POE::Filter::SSL->new(crt =>  'sslkeys/server.crt', key 
=>  'sslkeys/server.key'),

            POE::Filter::HTTPD->new(),
        ]
    ),

    ClientInput  =>  \&handle_http_request,
    InlineStates =>  {got_response =>  \&handle_http_response,},
);

sub handle_http_request {

   my ($kernel, $session, $heap, $buf) = @_[KERNEL, SESSION, HEAP, 
ARG0];

   my $content .= "Your URL was: ".$buf->uri."<hr>"
     if (ref($buf) eq "HTTP::Request");
   $content .= localtime(time());
   my $response = HTTP::Response->new(200);
   $response->push_header('Content-type', 'text/html');
   $response->content($content);
   $_[HEAP]{client}->put($response);
   $_[KERNEL]->yield("shutdown");
};

POE::Kernel->run;
exit;


I am making a proxy and it must support the https protocol. I am
trying to enable SSL feature in the server side with this command:

POE::Component::Server::TCP->new(
    Alias        =>  "web_server",
    Port         =>  LISTEN_PORT,
    #ClientFilter =>  'POE::Filter::HTTPD', ##WITHOUT HTTPD FILTER
THERE ISN'T HTTP HEADERS!!!
    ClientFilter =>  POE::Filter::Stackable->new(
        Filters =>  [

            POE::Filter::SSL->new(crt =>  'sslkeys/server.crt', 
key =>

'sslkeys/server.key'),
            POE::Filter::HTTPD->new(),
        ]
    ),

    ClientInput  =>  \&handle_http_request,
    InlineStates =>  {got_response =>  \&handle_http_response,},
);

But when a https request hit the server I get the following error:

POE::Filter::SSL: UNEXPECTED ERROR: ERR1:-1 ERR2:1 HINT: Check if you
have configured a CRT and KEY file, and that both are readable at
/usr/share/perl5/POE/Wheel/ReadWrite.pm line 280


I don't know what this error means because the files has the
permission flags set to 777. Are required some special certs?

Thanks in advance.

























					Reply via email to