Could not start adaptor: sslv3 alert certificate unknown (SSL routines)

Open Iuliean opened this issue 2 years ago • 7 comments

Sorry if this is not the place to ask this, but I could not find info anywhere about this. I have generated my certificates with certbot and everything works fine in browser, but if I try to make a request using C# HttpClient, nothing happens on the client side and the Crow server spits out the error in the title.

This is my server code: https://github.com/Iuliean/PiThermostatCPP/blob/main/src/site.cpp
And this is my client code: https://github.com/Iuliean/PiThermostat/blob/main/src/PiThermostat/Utils/Server.cs#L172

Iuliean avatar Oct 02 '22 05:10 Iuliean

It seems like openssl does not like your certificate :thinking:

Does it work with other libraries? Does it have a valid certificate authority?

dranikpg avatar Oct 10 '22 19:10 dranikpg

I did not try with other libraries, but I did try another certificate from sslforfree.com and the same thing happened.

Iuliean avatar Oct 11 '22 06:10 Iuliean

I am not sure if this is related, but I am getting a "Could not start adaptor: no shared cipher" error when trying to access the webserver via Firefox & Chrome with SSL.

The cert is generated by certbot, the server is Ubuntu 22.04 with the libssl-dev package installed.

Here's the code:

#include "crow.h"

int main()
{
    crow::SimpleApp app; //define your crow application

    app.ssl_file("./fullchain.pem");
    app.loglevel(crow::LogLevel::Warning);
    
    CROW_ROUTE(app, "/")
    (
        [&]()
        {
            return "Hello World";
        }
    );

    //set the port, set the app to run on multiple threads, and run the app
    app.port(443).multithreaded().run();
}

and CMake

cmake_minimum_required(VERSION 3.14)

project(webserver)

add_executable(webserver ${CMAKE_CURRENT_LIST_DIR}/Src/main.cpp)
find_package(Crow)
target_link_libraries(webserver PRIVATE Crow::Crow)

Without using SSL (commenting out the ssl_file line), it works just fine.

What I have tried

  • I have tried using both the source and the .deb package, but it makes no difference.
  • I tried both 1.65 and 1.64 for Boost, but no luck.

Both the openssl and libssl-dev packages are the latest (3.0.2-0ubuntu1.8).

Any idea on what could be the issue?

If you have any clues it will be greatly appreciated :+1:

Neko-Box-Coder avatar Feb 20 '23 22:02 Neko-Box-Coder

Just answering my own problem in case anyone is having the same problem as mine.

In the documentation, it mentioned using one .pem file, which is half-true depending on how you generated it. If you generated it using SSL, it is very likely to give you one condensed .pem file which contains all the information.

However, if you are using certbot, which many people use, it will normally generate two .pem files (unless configured or something), one with fullchain and one with private key I assume, which correspond to cert.crt and keyfile.key in the documentation.

So the solution is to just pass in 2 (fullchain and key) pem files instead of just 1.

Neko-Box-Coder avatar Feb 25 '23 22:02 Neko-Box-Coder
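
An added example, not part of the thread and not Crow's own code: a small standard-library C++ check that tells a combined certificate-plus-key .pem apart from a chain-only or key-only file such as the two certbot files described in the answer above. The names `summarize_pem` and `classify` and the sample strings are made up for this illustration.

```cpp
// Added example, not Crow code: report what kind of PEM blocks a file's text holds.
#include <iostream>
#include <sstream>
#include <string>

struct PemSummary { int certs = 0, keys = 0; bool malformed = false; };
enum class PemKind { Combined, CertsOnly, KeyOnly, Unusable };
static bool ends_with(const std::string& s, const std::string& suf) {
    return s.size() >= suf.size() && s.compare(s.size() - suf.size(), suf.size(), suf) == 0;
}
// Label of a "-----BEGIN X-----" / "-----END X-----" line, or "" if it is not one.
static std::string label_of(const std::string& line, const std::string& prefix) {
    if (line.size() <= prefix.size() + 5 || line.compare(0, prefix.size(), prefix) != 0 ||
        !ends_with(line, "-----")) return "";
    return line.substr(prefix.size(), line.size() - prefix.size() - 5);
}

PemSummary summarize_pem(const std::string& text) {
    PemSummary out;
    std::string open;  // label of the block currently being read
    std::istringstream in(text);
    for (std::string line; std::getline(in, line);) {
        while (!line.empty() && (line.back() == '\r' || line.back() == ' ')) line.pop_back();
        const std::string b = label_of(line, "-----BEGIN "), e = label_of(line, "-----END ");
        if (!b.empty()) {
            if (!open.empty()) out.malformed = true;          // BEGIN inside a block
            open = b;
        } else if (!e.empty()) {
            if (e != open) out.malformed = true;              // stray or mismatched END
            else if (e == "CERTIFICATE") ++out.certs;
            else if (ends_with(e, "PRIVATE KEY")) ++out.keys; // RSA, EC and PKCS#8 labels
            open.clear();
        }
    }
    if (!open.empty()) out.malformed = true;                  // truncated mid-block
    return out;
}

PemKind classify(const PemSummary& s) {
    if (s.malformed || (s.certs == 0 && s.keys == 0)) return PemKind::Unusable;
    if (s.certs > 0 && s.keys > 0) return PemKind::Combined;    // one file holds both
    return s.certs > 0 ? PemKind::CertsOnly : PemKind::KeyOnly; // partner file required
}

// Constructed samples with dummy bodies (no real certificate or key material).
const char* kChainOnly = "-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n"
                         "-----BEGIN CERTIFICATE-----\nBBBB\n-----END CERTIFICATE-----\n";
const char* kKeyOnly = "-----BEGIN PRIVATE KEY-----\nCCCC\n-----END PRIVATE KEY-----\n";
int main() { std::cout << (classify(summarize_pem(kChainOnly)) == PemKind::CertsOnly) << "\n"; }
```

A `CertsOnly` result for the file handed to the server means the private key lives in a separate file that has to be supplied as well.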

> Just answering my own problem in case anyone is having the same problem as mine.
>
> In the documentation, it mentioned using one .pem file, which is half-true depending on how you generated it. If you generated it using SSL, it is very likely to give you one condensed .pem file which contains all the information.
>
> However, if you are using certbot, which many people use, it will normally generate two .pem files (unless configured or something), one with fullchain and one with private key I assume, which correspond to cert.crt and keyfile.key in the documentation.
>
> So the solution is to just pass in 2 (fullchain and key) pem files instead of just 1.

Yep, the problem you are describing is different; for me it works just fine via web browsers. The problem arises when using C# HttpClient (and maybe probably Postman, but I can't remember, it's been a while).

Iuliean avatar Feb 27 '23 14:02 Iuliean

@Iuliean I'm hitting the same error and just wondering if you resolved the problem? I used openssl to create a CA and a self-signed certificate. I can connect with the browser and it's working, but I see the same error message in the logs, so something must be wrong. It's also strange to get an sslv3 error because it's disabled in the initialization of the SSL context (app.h).

hbrock578 avatar Mar 13 '23 13:03 hbrock578

@hbrock578 Sadly no, I did not fix it. I remember I looked into it as well (I think I even tried a custom SSL context) but no luck. What I did was to use nginx as a reverse proxy, set up SSL for nginx, and keep the Crow webserver plain HTTP.

Iuliean avatar Mar 13 '23 16:03 Iuliean