subject:"\[Mojolicious\] Mojolicious\:\:Lite HTTPS \/ SSL \/ TLS not working"

Re: [Mojolicious] Mojolicious::Lite HTTPS / SSL / TLS not working

2019-07-03 Thread Nick Morrott

On Sunday, June 23, 2019 at 4:18:53 AM UTC+1, Celejar wrote:
>
> On Sat, 22 Jun 2019 17:44:48 -0700 (PDT) 
> Nick Morrott > wrote: 
>
> ... 
>
> > The next Debian stable release (10/buster) is currently frozen and due 
> for 
> > release 2019-07-06. It will be released with a system-wide minimum 
> > supported TLS version of 1.2, which the current mojolicious default 
> https 
> > key does not support. As a result, connections over https using this 
> > certificate on current Debian testing/unstable and the next stable 
> release 
> > "buster" will fail. 
>
> Ah, thanks for the explanation! 
>
> Celejar 
>

Upstream have created a new TLS keypair which will be included in the next 
Mojolicious release.

My current plan is to review the update and upload a new 8.12 build which 
includes the updated keypair, targetting the first Debian "buster" point 
release.

Cheers,
Nick

-- 
You received this message because you are subscribed to the Google Groups 
"Mojolicious" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to mojolicious+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/mojolicious/1aae2084-fb65-48dc-922c-9083c220c3de%40googlegroups.com.

Re: [Mojolicious] Mojolicious::Lite HTTPS / SSL / TLS not working

2019-06-22 Thread Celejar

On Sat, 22 Jun 2019 17:44:48 -0700 (PDT)
Nick Morrott  wrote:

...

> The next Debian stable release (10/buster) is currently frozen and due for 
> release 2019-07-06. It will be released with a system-wide minimum 
> supported TLS version of 1.2, which the current mojolicious default https 
> key does not support. As a result, connections over https using this 
> certificate on current Debian testing/unstable and the next stable release 
> "buster" will fail.

Ah, thanks for the explanation!

Celejar

-- 
You received this message because you are subscribed to the Google Groups 
"Mojolicious" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to mojolicious+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/mojolicious/20190622231850.64a214c009329c3483165a97%40gmail.com.

Re: [Mojolicious] Mojolicious::Lite HTTPS / SSL / TLS not working

2019-06-22 Thread Nick Morrott

On Thursday, May 30, 2019 at 6:40:28 PM UTC+1, Celejar wrote:

>
> I see that Debian does ship the default certificate, in:
>
> /usr/share/perl5/Mojo/IOLoop/resources/server.crt
> /usr/share/perl5/Mojo/IOLoop/resources/server.key
>
> Has Debian disabled it, or is there something that one needs to do to 
> enable it? The documentation implies that running the server as I did 
> should just work with the built-in certificate?
>

The next Debian stable release (10/buster) is currently frozen and due for 
release 2019-07-06. It will be released with a system-wide minimum 
supported TLS version of 1.2, which the current mojolicious default https 
key does not support. As a result, connections over https using this 
certificate on current Debian testing/unstable and the next stable release 
"buster" will fail.

As you have noticed, creating new keys that are TLS 1.2+ compliant will 
work. It is also possible to adjust the minimum supported TLS version on 
your system, but this is not recommended.

I have created a PR for consideration which replaces the current keypair 
with one suitable for TLS 1.2+ at:

https://github.com/mojolicious/mojo/pull/1371

I would also recommend that the keys used during the TEST_TLS phase of the 
test suite similarly be updated to support TLS 1.2+.

Cheers,
Nick

-- 
You received this message because you are subscribed to the Google Groups 
"Mojolicious" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to mojolicious+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/mojolicious/b89b31bc-0a60-48b7-8364-a6271c235717%40googlegroups.com.

Re: [Mojolicious] Mojolicious::Lite HTTPS / SSL / TLS not working

2019-05-30 Thread Celejar



On Wednesday, May 29, 2019 at 1:07:50 PM UTC-4, Vincent Tondellier wrote:
>
> Hi, 
>
> On mardi 21 mai 2019 19:42:35 CEST, Celejar wrote: 
>
> ... 
>
> > ~$ openssl s_client  -connect localhost:3000 
> > CONNECTED(0003) 
> > write:errno=104 
> > --- 
> > no peer certificate available 
>
> This is usually the result when the server does not send a certificate 
>
> Did you generate and configure a certificate and key ? 
>
> Example (on Debian buster/testing) : 
>
 

> ...


 

> $ openssl req -x509 -nodes -newkey rsa:4096 -keyout key.pem -out cert.pem 
> -days 2 -sha256 -subj '/CN=localhost' 
> $ mojo daemon -l 'https://*:3000?cert=cert.pem=key.pem' 
> $ curl -k https://localhost:3000 
> Your Mojo is working! 
>
> Thanks - that works! But I shouldn't have to do this - according to the 
documentation:

Mojolicious contains a very portable non-blocking I/O HTTP and WebSocket 
server with Mojo::Server::Daemon ... Another huge advantage is that it 
supports TLS and WebSockets out of the box, a development certificate for 
testing purposes is built right in, so it just works, but you can specify 
all listen locations supported by "listen" in Mojo::Server::Daemon.

 $ ./script/my_app daemon -l https://[::]:3000
 Server available at https://[::]:3000

I see that Debian does ship the default certificate, in:

/usr/share/perl5/Mojo/IOLoop/resources/server.crt
/usr/share/perl5/Mojo/IOLoop/resources/server.key

Has Debian disabled it, or is there something that one needs to do to 
enable it? The documentation implies that running the server as I did 
should just work with the built-in certificate?

-- 
You received this message because you are subscribed to the Google Groups 
"Mojolicious" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to mojolicious+unsubscr...@googlegroups.com.
To post to this group, send email to mojolicious@googlegroups.com.
Visit this group at https://groups.google.com/group/mojolicious.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/mojolicious/4c4cec6a-acf3-46ad-bfe7-10430e527799%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Mojolicious] Mojolicious::Lite HTTPS / SSL / TLS not working

2019-05-29 Thread 'Vincent Tondellier' via Mojolicious


Hi,

On mardi 21 mai 2019 19:42:35 CEST, Celejar wrote:
I'm trying to access my Mojolicious::Lite web app via HTTPS, but it's not 
working: the SSL connection is apparently immediately reset by the server:


~$ perl/app.pl daemon -l https://*:3000
[2019-05-21 13:40:24.49479] [10969] [info] Listening at "https://*:3000;
Server available at https://127.0.0.1:3000


...


~$ openssl s_client  -connect localhost:3000
CONNECTED(0003)
write:errno=104
---
no peer certificate available


This is usually the result when the server does not send a certificate

Did you generate and configure a certificate and key ?

Example (on Debian buster/testing) :

$ mojo daemon -l 'https://*:3000' 
$ curl -k https://localhost:3000
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to 
localhost:3000



$ openssl req -x509 -nodes -newkey rsa:4096 -keyout key.pem -out cert.pem 
-days 2 -sha256 -subj '/CN=localhost'

$ mojo daemon -l 'https://*:3000?cert=cert.pem=key.pem'
$ curl -k https://localhost:3000
Your Mojo is working!

See the doc for how to use a configuration file :

https://mojolicious.org/perldoc/Mojolicious/Guides/Cookbook#Hypnotoad
https://mojolicious.org/perldoc/Mojo/Server/Daemon#listen

--
You received this message because you are subscribed to the Google Groups 
"Mojolicious" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to mojolicious+unsubscr...@googlegroups.com.
To post to this group, send email to mojolicious@googlegroups.com.
Visit this group at https://groups.google.com/group/mojolicious.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/mojolicious/5e5b6345-6d7f-4556-ab11-6929b37edf66%40team1664.org.
For more options, visit https://groups.google.com/d/optout.

Re: [Mojolicious] Mojolicious::Lite HTTPS / SSL / TLS not working

2019-05-29 Thread Celejar



On Friday, May 24, 2019 at 5:19:14 PM UTC-4, Celejar wrote:

I've reported a bug in the Debian BTS:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929675

-- 
You received this message because you are subscribed to the Google Groups 
"Mojolicious" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to mojolicious+unsubscr...@googlegroups.com.
To post to this group, send email to mojolicious@googlegroups.com.
Visit this group at https://groups.google.com/group/mojolicious.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/mojolicious/309226ab-72dc-4e39-808d-e12cd71efe49%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Mojolicious] Mojolicious::Lite HTTPS / SSL / TLS not working

2019-05-24 Thread Celejar



On Thursday, May 23, 2019 at 2:18:10 PM UTC-4, Dan Book wrote:
>
> You could easily try by installing them to a local::lib with cpanm and 
> temporarily adding the local::lib to your PERL5LIB. This would at least 
> help isolate the problem.
>
> $ wget -qO cpanm https://cpanmin.us # or App::cpanminus probably 
> available from repo
> $ perl ./cpanm -l local Net::SSLeay IO::Socket::SSL
> $ PERL5LIB=local/lib/perl5 perl app.pl daemon ...
>

Thanks - I knew there must be a relatively simple way to do this, but I 
didn't realize quite how simple ;)

I tried with up to date Net::SSLeay, IO::Socket::SSL, and Mojolicious 
itself, but the problem unfortunately persists:

~$ PERL5LIB=local/lib/perl5 mojo daemon -l https://*:3000
Server available at https://127.0.0.1:3000
^Cyitzhak@lila:~$ PERL5LIB=local/lib/perl5 mojo version
CORE
  Perl(v5.28.1, linux)
  Mojolicious (8.17, Supervillain)

OPTIONAL
  Cpanel::JSON::XS 4.04+  (n/a)
  EV 4.0+ (4.25)
  IO::Socket::Socks 0.64+ (n/a)
  IO::Socket::SSL 2.009+  (2.066)
  Net::DNS::Native 0.15+  (n/a)
  Role::Tiny 2.01+(2.06)

This version is up to date, have fun!

$ mojo get -k https://127.0.0.1:3000
SSL connect attempt failed
 at /usr/share/perl5/Mojolicious/Command/get.pm line 77.

FWIW:

$ openssl version
OpenSSL 1.1.1b  26 Feb 2019

-Dan
>
> On Thu, May 23, 2019 at 2:04 PM Celejar > 
> wrote:
>
>>
>>
>> On Wednesday, May 22, 2019 at 10:21:56 AM UTC-4, Stefan Adams wrote:
>>>
>>>
>>>
>>> On Wed, May 22, 2019 at 7:20 AM Celejar  wrote:
>>>
 Make sure everything is up to snuff with IO::Socket::SSL
>

 What would you suggest I do, specifically?

>>>
>>> Unfortunately, I'll be of little help here.   Did listening on https for 
>>> your app ever work on this instance that is currently failing?  The latest 
>>> version of IO::Socket::SSL is 2.066 -- perhaps update?  I think 
>>> IO::Socket::SSL depends on Net::SSLeay, perhaps update it to the latest 
>>> version 1.88?  Of course, it's always a good idea to update Mojolicious to 
>>> the latest version.  Do those one at a time and test after each update.  
>>> What about updating your openssl library openssl, libssl1.0.0, and 
>>> libssl-dev?  I'm on Ubuntu 16.04 with openssl 1.0.2g.
>>>
>>
>> Thanks. I'm not sure these version are available from the Debian repos, 
>> and installing them by hand will take some doing. [I already tried updating 
>> one of the perl modules via Debian's dh-make-perl tool, but the resulting 
>> package wouldn't install. I've never used raw CPAN.]
>>
>>>
>>> Before doing any of that, I'm just curious: openssl, curl, and wget all 
>>> fail for you...  what about trying the mojo useragent?
>>>
>>  
>>
>>>
>>> $ mojo get -k https://127.0.0.1:3000
>>> Your Mojo is working!
>>>
>>>
>> $ mojo get -k https://127.0.0.1:3000
>> SSL connect attempt failed
>>  at /usr/share/perl5/Mojolicious/Command/get.pm line 77.
>>  
>>
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Mojolicious" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to mojol...@googlegroups.com .
>> To post to this group, send email to mojol...@googlegroups.com 
>> .
>> Visit this group at https://groups.google.com/group/mojolicious.
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/mojolicious/cb8237fb-7a77-4ac8-b4ee-add1fb233d33%40googlegroups.com
>>  
>> 
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Mojolicious" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to mojolicious+unsubscr...@googlegroups.com.
To post to this group, send email to mojolicious@googlegroups.com.
Visit this group at https://groups.google.com/group/mojolicious.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/mojolicious/57509597-6a36-4ce2-9e01-5ab1220c59a7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Mojolicious] Mojolicious::Lite HTTPS / SSL / TLS not working

2019-05-23 Thread Luc Didry

jeudi 23 mai 2019, 20:25:41 CEST Randall Sindlinger wrote:
> +1 for cpanm
> 
> I'd also suggest looking at trying out Perlbrew (https://perlbrew.pl/) for 
> running a Perl independent of the debian install.  But for just testing new 
> versions of 1 or 2 modules, Dan's suggestion is probably simplest.
> 
> -Randall

You can also use Carton, which is very handy. See
https://mojolicious.io/blog/2018/12/22/use-carton-for-your-mojolicious-app-deployment/
on why and how use it.
-- 
Luc
https://fiat-tux.fr/
https://luc.frama.io/
Internet n'est pas compliqué, Internet est ce que vous en faites.



-- 
You received this message because you are subscribed to the Google Groups 
"Mojolicious" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to mojolicious+unsubscr...@googlegroups.com.
To post to this group, send email to mojolicious@googlegroups.com.
Visit this group at https://groups.google.com/group/mojolicious.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/mojolicious/1935251.Sz5R5mMIFg%40odysseus.
For more options, visit https://groups.google.com/d/optout.

Re: [Mojolicious] Mojolicious::Lite HTTPS / SSL / TLS not working

2019-05-23 Thread Randall Sindlinger

+1 for cpanm

I'd also suggest looking at trying out Perlbrew (https://perlbrew.pl/) for 
running a Perl independent of the debian install.  But for just testing new 
versions of 1 or 2 modules, Dan's suggestion is probably simplest.

-Randall

On Thursday, May 23, 2019 at 2:18:10 PM UTC-4, Dan Book wrote:
>
> You could easily try by installing them to a local::lib with cpanm and 
> temporarily adding the local::lib to your PERL5LIB. This would at least 
> help isolate the problem.
>
> $ wget -qO cpanm https://cpanmin.us # or App::cpanminus probably 
> available from repo
> $ perl ./cpanm -l local Net::SSLeay IO::Socket::SSL
> $ PERL5LIB=local/lib/perl5 perl app.pl daemon ...
>
> -Dan
>
> On Thu, May 23, 2019 at 2:04 PM Celejar > 
> wrote:
>
>>
>>
>> On Wednesday, May 22, 2019 at 10:21:56 AM UTC-4, Stefan Adams wrote:
>>>
>>>
>>>
>>> On Wed, May 22, 2019 at 7:20 AM Celejar  wrote:
>>>
 Make sure everything is up to snuff with IO::Socket::SSL
>

 What would you suggest I do, specifically?

>>>
>>> Unfortunately, I'll be of little help here.   Did listening on https for 
>>> your app ever work on this instance that is currently failing?  The latest 
>>> version of IO::Socket::SSL is 2.066 -- perhaps update?  I think 
>>> IO::Socket::SSL depends on Net::SSLeay, perhaps update it to the latest 
>>> version 1.88?  Of course, it's always a good idea to update Mojolicious to 
>>> the latest version.  Do those one at a time and test after each update.  
>>> What about updating your openssl library openssl, libssl1.0.0, and 
>>> libssl-dev?  I'm on Ubuntu 16.04 with openssl 1.0.2g.
>>>
>>
>> Thanks. I'm not sure these version are available from the Debian repos, 
>> and installing them by hand will take some doing. [I already tried updating 
>> one of the perl modules via Debian's dh-make-perl tool, but the resulting 
>> package wouldn't install. I've never used raw CPAN.]
>>
>>>
>>> Before doing any of that, I'm just curious: openssl, curl, and wget all 
>>> fail for you...  what about trying the mojo useragent?
>>>
>>  
>>
>>>
>>> $ mojo get -k https://127.0.0.1:3000
>>> Your Mojo is working!
>>>
>>>
>> $ mojo get -k https://127.0.0.1:3000
>> SSL connect attempt failed
>>  at /usr/share/perl5/Mojolicious/Command/get.pm line 77.
>>  
>>
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Mojolicious" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to mojol...@googlegroups.com .
>> To post to this group, send email to mojol...@googlegroups.com 
>> .
>> Visit this group at https://groups.google.com/group/mojolicious.
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/mojolicious/cb8237fb-7a77-4ac8-b4ee-add1fb233d33%40googlegroups.com
>>  
>> 
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Mojolicious" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to mojolicious+unsubscr...@googlegroups.com.
To post to this group, send email to mojolicious@googlegroups.com.
Visit this group at https://groups.google.com/group/mojolicious.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/mojolicious/86a161ae-c9ac-4cfb-9255-223e032c24eb%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Mojolicious] Mojolicious::Lite HTTPS / SSL / TLS not working

2019-05-23 Thread Dan Book

You could easily try by installing them to a local::lib with cpanm and
temporarily adding the local::lib to your PERL5LIB. This would at least
help isolate the problem.

$ wget -qO cpanm https://cpanmin.us # or App::cpanminus probably available
from repo
$ perl ./cpanm -l local Net::SSLeay IO::Socket::SSL
$ PERL5LIB=local/lib/perl5 perl app.pl daemon ...

-Dan

On Thu, May 23, 2019 at 2:04 PM Celejar  wrote:

>
>
> On Wednesday, May 22, 2019 at 10:21:56 AM UTC-4, Stefan Adams wrote:
>>
>>
>>
>> On Wed, May 22, 2019 at 7:20 AM Celejar  wrote:
>>
>>> Make sure everything is up to snuff with IO::Socket::SSL

>>>
>>> What would you suggest I do, specifically?
>>>
>>
>> Unfortunately, I'll be of little help here.   Did listening on https for
>> your app ever work on this instance that is currently failing?  The latest
>> version of IO::Socket::SSL is 2.066 -- perhaps update?  I think
>> IO::Socket::SSL depends on Net::SSLeay, perhaps update it to the latest
>> version 1.88?  Of course, it's always a good idea to update Mojolicious to
>> the latest version.  Do those one at a time and test after each update.
>> What about updating your openssl library openssl, libssl1.0.0, and
>> libssl-dev?  I'm on Ubuntu 16.04 with openssl 1.0.2g.
>>
>
> Thanks. I'm not sure these version are available from the Debian repos,
> and installing them by hand will take some doing. [I already tried updating
> one of the perl modules via Debian's dh-make-perl tool, but the resulting
> package wouldn't install. I've never used raw CPAN.]
>
>>
>> Before doing any of that, I'm just curious: openssl, curl, and wget all
>> fail for you...  what about trying the mojo useragent?
>>
>
>
>>
>> $ mojo get -k https://127.0.0.1:3000
>> Your Mojo is working!
>>
>>
> $ mojo get -k https://127.0.0.1:3000
> SSL connect attempt failed
>  at /usr/share/perl5/Mojolicious/Command/get.pm line 77.
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Mojolicious" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to mojolicious+unsubscr...@googlegroups.com.
> To post to this group, send email to mojolicious@googlegroups.com.
> Visit this group at https://groups.google.com/group/mojolicious.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/mojolicious/cb8237fb-7a77-4ac8-b4ee-add1fb233d33%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Mojolicious" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to mojolicious+unsubscr...@googlegroups.com.
To post to this group, send email to mojolicious@googlegroups.com.
Visit this group at https://groups.google.com/group/mojolicious.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/mojolicious/CABMkAVU7541DHvGi-wfQiJ2LQ3mKm5D0W6xwu8%2BizYhzxx8xUw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Mojolicious] Mojolicious::Lite HTTPS / SSL / TLS not working

2019-05-22 Thread Stefan Adams

On Wed, May 22, 2019 at 7:20 AM Celejar  wrote:

> Make sure everything is up to snuff with IO::Socket::SSL
>>
>
> What would you suggest I do, specifically?
>

Unfortunately, I'll be of little help here.   Did listening on https for
your app ever work on this instance that is currently failing?  The latest
version of IO::Socket::SSL is 2.066 -- perhaps update?  I think
IO::Socket::SSL depends on Net::SSLeay, perhaps update it to the latest
version 1.88?  Of course, it's always a good idea to update Mojolicious to
the latest version.  Do those one at a time and test after each update.
What about updating your openssl library openssl, libssl1.0.0, and
libssl-dev?  I'm on Ubuntu 16.04 with openssl 1.0.2g.

Before doing any of that, I'm just curious: openssl, curl, and wget all
fail for you...  what about trying the mojo useragent?

$ mojo get -k https://127.0.0.1:3000
Your Mojo is working!

-- 
You received this message because you are subscribed to the Google Groups 
"Mojolicious" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to mojolicious+unsubscr...@googlegroups.com.
To post to this group, send email to mojolicious@googlegroups.com.
Visit this group at https://groups.google.com/group/mojolicious.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/mojolicious/CACyQ%2BFSo3DJuttjM07D-HDGqXnNTkVeKtrJk1uNiV%2BbzuXE4cg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Mojolicious] Mojolicious::Lite HTTPS / SSL / TLS not working

2019-05-22 Thread Celejar



On Tuesday, May 21, 2019 at 3:10:24 PM UTC-4, Stefan Adams wrote:
>
> Try your test out with a built-in HelloWorld app:
>
> $ mojo daemon -l https://*:3000
> Server available at https://127.0.0.1:3000
> $ curl -k https://127.0.0.1:3000
> Your Mojo is working!
>
>
~$ mojo daemon -l https://*:3000
Server available at https://127.0.0.1:3000

~$ curl -k https://127.0.0.1:3000
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to 
127.0.0.1:3000

I doubt there's a problem with Mojo's SSL implementation as it doesn't 
> really have one -- it relies on IO::Socket::SSL.
>
> $ mojo version
> CORE
>   Perl(v5.22.1, linux)
>   Mojolicious (8.12, Supervillain)
>
> OPTIONAL
>   Cpanel::JSON::XS 4.04+  (n/a)
>   EV 4.0+ (n/a)
>   IO::Socket::Socks 0.64+ (n/a)
> *  IO::Socket::SSL 2.009+  (2.024)*
>   Net::DNS::Native 0.15+  (n/a)
>   Role::Tiny 2.01+(2.06)
>
> You might want to update your Mojolicious to 8.16!
>
>
~$ mojo version
CORE
  Perl(v5.28.1, linux)
  Mojolicious (8.12, Supervillain)

OPTIONAL
  Cpanel::JSON::XS 4.04+  (n/a)
  EV 4.0+ (4.25)
  IO::Socket::Socks 0.64+ (n/a)
  IO::Socket::SSL 2.009+  (2.060)
  Net::DNS::Native 0.15+  (n/a)
  Role::Tiny 2.01+(2.06)

You might want to update your Mojolicious to 8.16!

Make sure everything is up to snuff with IO::Socket::SSL
>

What would you suggest I do, specifically?

Thanks,

On Tue, May 21, 2019 at 12:42 PM Celejar > 
> wrote:
>
>> Hi,
>>
>> I'm trying to access my Mojolicious::Lite web app via HTTPS, but it's not 
>> working: the SSL connection is apparently immediately reset by the server:
>>
>> ~$ perl/app.pl daemon -l https://*:3000
>> [2019-05-21 13:40:24.49479] [10969] [info] Listening at "https://*:3000;
>> Server available at https://127.0.0.1:3000
>>
>> ~$ curl -v -k https://127.0.0.1:3000
>> * Expire in 0 ms for 6 (transfer 0x55d756de3dd0)
>> *   Trying 127.0.0.1...
>> * TCP_NODELAY set
>> * Expire in 200 ms for 4 (transfer 0x55d756de3dd0)
>> * Connected to 127.0.0.1 (127.0.0.1) port 3000 (#0)
>> * ALPN, offering h2
>> * ALPN, offering http/1.1
>> * successfully set certificate verify locations:
>> *   CAfile: none
>>   CApath: /etc/ssl/certs
>> * TLSv1.3 (OUT), TLS handshake, Client hello (1):
>> * OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to 127.0.0.1:3000 
>> * Closing connection 0
>> curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to 
>> 127.0.0.1:3000
>>
>> ~$ openssl s_client  -connect localhost:3000
>> CONNECTED(0003)
>> write:errno=104
>> ---
>> no peer certificate available
>> ---
>> No client certificate CA names sent
>> ---
>> SSL handshake has read 0 bytes and written 283 bytes
>> Verification: OK
>> ---
>> New, (NONE), Cipher is (NONE)
>> Secure Renegotiation IS NOT supported
>> Compression: NONE
>> Expansion: NONE
>> No ALPN negotiated
>> Early data was not sent
>> Verify return code: 0 (ok)
>> ---
>>
>> ~$ wget -v  https://localhost:3000
>> --2019-05-21 11:17:27--  https://localhost:3000/
>> Resolving localhost (localhost)... ::1, 127.0.0.1
>> Connecting to localhost (localhost)|::1|:3000... failed: Connection 
>> refused.
>> Connecting to localhost (localhost)|127.0.0.1|:3000... connected.
>> GnuTLS: Error in the pull function.
>> Unable to establish SSL connection.
>>
>> Am I doing something wrong, or is something wrong with Mojo's SSL 
>> implementation?
>>
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Mojolicious" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to mojol...@googlegroups.com .
>> To post to this group, send email to mojol...@googlegroups.com 
>> .
>> Visit this group at https://groups.google.com/group/mojolicious.
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/mojolicious/59b0dcdb-c5e2-47e9-9a61-72b9ee3bbd48%40googlegroups.com
>>  
>> 
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Mojolicious" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to mojolicious+unsubscr...@googlegroups.com.
To post to this group, send email to mojolicious@googlegroups.com.
Visit this group at https://groups.google.com/group/mojolicious.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/mojolicious/02377b24-6c8b-4856-9883-1c75bc676659%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Mojolicious] Mojolicious::Lite HTTPS / SSL / TLS not working

2019-05-21 Thread Stefan Adams

Try your test out with a built-in HelloWorld app:

$ mojo daemon -l https://*:3000
Server available at https://127.0.0.1:3000
$ curl -k https://127.0.0.1:3000
Your Mojo is working!


I doubt there's a problem with Mojo's SSL implementation as it doesn't
really have one -- it relies on IO::Socket::SSL.

$ mojo version
CORE
  Perl(v5.22.1, linux)
  Mojolicious (8.12, Supervillain)

OPTIONAL
  Cpanel::JSON::XS 4.04+  (n/a)
  EV 4.0+ (n/a)
  IO::Socket::Socks 0.64+ (n/a)
*  IO::Socket::SSL 2.009+  (2.024)*
  Net::DNS::Native 0.15+  (n/a)
  Role::Tiny 2.01+(2.06)

You might want to update your Mojolicious to 8.16!


Make sure everything is up to snuff with IO::Socket::SSL.

On Tue, May 21, 2019 at 12:42 PM Celejar  wrote:

> Hi,
>
> I'm trying to access my Mojolicious::Lite web app via HTTPS, but it's not
> working: the SSL connection is apparently immediately reset by the server:
>
> ~$ perl/app.pl daemon -l https://*:3000
> [2019-05-21 13:40:24.49479] [10969] [info] Listening at "https://*:3000;
> Server available at https://127.0.0.1:3000
>
> ~$ curl -v -k https://127.0.0.1:3000
> * Expire in 0 ms for 6 (transfer 0x55d756de3dd0)
> *   Trying 127.0.0.1...
> * TCP_NODELAY set
> * Expire in 200 ms for 4 (transfer 0x55d756de3dd0)
> * Connected to 127.0.0.1 (127.0.0.1) port 3000 (#0)
> * ALPN, offering h2
> * ALPN, offering http/1.1
> * successfully set certificate verify locations:
> *   CAfile: none
>   CApath: /etc/ssl/certs
> * TLSv1.3 (OUT), TLS handshake, Client hello (1):
> * OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to 127.0.0.1:3000
> * Closing connection 0
> curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to
> 127.0.0.1:3000
>
> ~$ openssl s_client  -connect localhost:3000
> CONNECTED(0003)
> write:errno=104
> ---
> no peer certificate available
> ---
> No client certificate CA names sent
> ---
> SSL handshake has read 0 bytes and written 283 bytes
> Verification: OK
> ---
> New, (NONE), Cipher is (NONE)
> Secure Renegotiation IS NOT supported
> Compression: NONE
> Expansion: NONE
> No ALPN negotiated
> Early data was not sent
> Verify return code: 0 (ok)
> ---
>
> ~$ wget -v  https://localhost:3000
> --2019-05-21 11:17:27--  https://localhost:3000/
> Resolving localhost (localhost)... ::1, 127.0.0.1
> Connecting to localhost (localhost)|::1|:3000... failed: Connection
> refused.
> Connecting to localhost (localhost)|127.0.0.1|:3000... connected.
> GnuTLS: Error in the pull function.
> Unable to establish SSL connection.
>
> Am I doing something wrong, or is something wrong with Mojo's SSL
> implementation?
>
> --
> You received this message because you are subscribed to the Google Groups
> "Mojolicious" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to mojolicious+unsubscr...@googlegroups.com.
> To post to this group, send email to mojolicious@googlegroups.com.
> Visit this group at https://groups.google.com/group/mojolicious.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/mojolicious/59b0dcdb-c5e2-47e9-9a61-72b9ee3bbd48%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Mojolicious" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to mojolicious+unsubscr...@googlegroups.com.
To post to this group, send email to mojolicious@googlegroups.com.
Visit this group at https://groups.google.com/group/mojolicious.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/mojolicious/CACyQ%2BFSeBpf9LWd95xyZWpB_aGwke0_mxkSqybFzfphdkyiEEw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[Mojolicious] Mojolicious::Lite HTTPS / SSL / TLS not working

2019-05-21 Thread Celejar

Hi,

I'm trying to access my Mojolicious::Lite web app via HTTPS, but it's not 
working: the SSL connection is apparently immediately reset by the server:

~$ perl/app.pl daemon -l https://*:3000
[2019-05-21 13:40:24.49479] [10969] [info] Listening at "https://*:3000;
Server available at https://127.0.0.1:3000

~$ curl -v -k https://127.0.0.1:3000
* Expire in 0 ms for 6 (transfer 0x55d756de3dd0)
*   Trying 127.0.0.1...
* TCP_NODELAY set
* Expire in 200 ms for 4 (transfer 0x55d756de3dd0)
* Connected to 127.0.0.1 (127.0.0.1) port 3000 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to 127.0.0.1:3000 
* Closing connection 0
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to 
127.0.0.1:3000

~$ openssl s_client  -connect localhost:3000
CONNECTED(0003)
write:errno=104
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 283 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---

~$ wget -v  https://localhost:3000
--2019-05-21 11:17:27--  https://localhost:3000/
Resolving localhost (localhost)... ::1, 127.0.0.1
Connecting to localhost (localhost)|::1|:3000... failed: Connection refused.
Connecting to localhost (localhost)|127.0.0.1|:3000... connected.
GnuTLS: Error in the pull function.
Unable to establish SSL connection.

Am I doing something wrong, or is something wrong with Mojo's SSL 
implementation?

-- 
You received this message because you are subscribed to the Google Groups 
"Mojolicious" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to mojolicious+unsubscr...@googlegroups.com.
To post to this group, send email to mojolicious@googlegroups.com.
Visit this group at https://groups.google.com/group/mojolicious.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/mojolicious/59b0dcdb-c5e2-47e9-9a61-72b9ee3bbd48%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Mojolicious] Mojolicious::Lite HTTPS / SSL / TLS not working

Re: [Mojolicious] Mojolicious::Lite HTTPS / SSL / TLS not working

Re: [Mojolicious] Mojolicious::Lite HTTPS / SSL / TLS not working

Re: [Mojolicious] Mojolicious::Lite HTTPS / SSL / TLS not working

Re: [Mojolicious] Mojolicious::Lite HTTPS / SSL / TLS not working

Re: [Mojolicious] Mojolicious::Lite HTTPS / SSL / TLS not working

Re: [Mojolicious] Mojolicious::Lite HTTPS / SSL / TLS not working

Re: [Mojolicious] Mojolicious::Lite HTTPS / SSL / TLS not working

Re: [Mojolicious] Mojolicious::Lite HTTPS / SSL / TLS not working

Re: [Mojolicious] Mojolicious::Lite HTTPS / SSL / TLS not working

Re: [Mojolicious] Mojolicious::Lite HTTPS / SSL / TLS not working

Re: [Mojolicious] Mojolicious::Lite HTTPS / SSL / TLS not working

Re: [Mojolicious] Mojolicious::Lite HTTPS / SSL / TLS not working

[Mojolicious] Mojolicious::Lite HTTPS / SSL / TLS not working

14 matches

Site Navigation

Mail list logo

Footer information