duo icon indicating copy to clipboard operation
duo copied to clipboard

Published 20 hours ago verified publisher icon azutoolkit

The example server.cr fails to respond on Macos 12, Crystal 1.2.2 and OpenSSL 1.1.1l

Open skovsboll opened this issue 3 years ago • 2 comments

This happens every time I hit https://localhost:9876/

$examples/> crystal run server.cr

listening on https://:::9876/

Unhandled exception in spawn: SSL_accept: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown (OpenSSL::SSL::Error)
  from /usr/local/Cellar/crystal/1.2.2/src/openssl/ssl/socket.cr:77:9 in 'accept'
  from /usr/local/Cellar/crystal/1.2.2/src/openssl/ssl/socket.cr:65:11 in 'initialize'
  from /usr/local/Cellar/crystal/1.2.2/src/openssl/ssl/socket.cr:59:5 in 'new'
  from /Users/soren/weroes/duo/src/duo/server.cr:33:14 in 'handle_socket'
  from /Users/soren/weroes/duo/src/duo/server.cr:26:14 in '->'
  from /usr/local/Cellar/crystal/1.2.2/src/primitives.cr:266:3 in 'run'
  from /usr/local/Cellar/crystal/1.2.2/src/fiber.cr:92:34 in '->'

Unhandled exception in spawn: SSL_shutdown: error:14094123:SSL routines:ssl3_read_bytes:application data after close notify (OpenSSL::SSL::Error)
  from /usr/local/Cellar/crystal/1.2.2/src/openssl/ssl/socket.cr:179:11 in 'unbuffered_close'
  from /usr/local/Cellar/crystal/1.2.2/src/io/buffered.cr:227:5 in 'close'
  from /Users/soren/weroes/duo/src/duo/connection.cr:100:13 in 'listen'
  from /Users/soren/weroes/duo/src/duo/connection.cr:27:7 in '->'
  from /usr/local/Cellar/crystal/1.2.2/src/primitives.cr:266:3 in 'run'
  from /usr/local/Cellar/crystal/1.2.2/src/fiber.cr:92:34 in '->'

I've tried creating my own cert and key using openssl, same problem.

System

Macos 12.0.1
OpenSSL 1.1.1l  24 Aug 2021
Crystal 1.2.2 (2021-11-10)
LLVM: 11.1.0
Default target: x86_64-apple-macosx

skovsboll avatar Nov 25 '21 15:11 skovsboll

I will look into this. Let me know if you have a fix feel free to open a PR

eliasjpr avatar May 07 '22 15:05 eliasjpr

@skovsboll I spent some time looking into this issue and this is not related to Duo itself but to SSL configuration. I followed some online guides (https://www.section.io/engineering-education/how-to-get-ssl-https-for-localhost/ and https://stackoverflow.com/questions/8169999/how-can-i-create-a-self-signed-cert-for-localhost) and configured Firefox browser and was able to hit the server.

In regards to the SSL error below this seems to be a Crystal SSL lib error. I am going to raise an issue with the Crystal community.

Unhandled exception in spawn: SSL_shutdown: error:0A000123:SSL routines::application data after close notify (OpenSSL::SSL::Error)

Screenshot from 2022-06-17 08-43-20

Thank you for taking the time to raise this issue.

eliasjpr avatar Jun 17 '22 12:06 eliasjpr