HTTP.jl

HTTPS Support via MbedTLS

Open onetonfoot opened this issue 3 years ago • 6 comments

I'm trying to set up HTTPS following the example from here, but can't seem to get it to work :/

key = joinpath(@__DIR__, "localhost-key.pem")
cert = joinpath(@__DIR__, "localhost.pem")
sslconfig = MbedTLS.SSLConfig(cert, key)
HTTP.serve(handler_fn, sslconfig)

I keep getting this error.

[ LogLevel(999): unable to accept new connection

onetonfoot avatar Dec 01 '22 13:12 onetonfoot

Not sure what versions you are using, I expected a MethodError error here, but I think the solution is the same. sslconfig is a keyword arg, not a positional one. I renamed your variable to highlight the issue.

yoursslconf = MbedTLS.SSLConfig(cert, key)
HTTP.serve(handler_fn, sslconfig=yoursslconf)

Alternatively (note the ; instead of , to mark the start of keyword args):

sslconfig = MbedTLS.SSLConfig(cert, key)
HTTP.serve(handler_fn; sslconfig)

benelsen avatar Dec 01 '22 13:12 benelsen

Oops, yeah, you're right, that was a typo in my code for the issue; it's not what I was running locally. A correct example would be

using HTTP, MbedTLS

# certs generated with `mkcert -install; mkcert localhost`
key = joinpath(@__DIR__, "localhost-key.pem")
cert = joinpath(@__DIR__, "localhost.pem")
sslconfig = MbedTLS.SSLConfig(cert, key)

function handler_fn(req)
	return HTTP.Response("Hello")
end

# this works
HTTP.serve(9995) do req
	handler_fn(req)
end

# this fails to accept any connections
# [ LogLevel(999): unable to accept new connection
HTTP.serve(9995, sslconfig=sslconfig) do req
	handler_fn(req)
end

I'm using HTTP v1.4.0 and MbedTLS v1.1.7

onetonfoot avatar Dec 02 '22 00:12 onetonfoot

Ah, now that error makes a lot more sense. I tried reproducing this with those versions, but was unable to do so. How did you send a request to the server?

curl -k 'https://127.0.0.1:9995/'

as well as

HTTP.get("https://127.0.0.1:9995/"; require_ssl_verification = false)

worked for me. Remember that when you self sign your certificate you need to explicitly disable checks or add your root CA cert into the trust store, otherwise your client won't connect to the server and you'll get that error.

benelsen avatar Dec 02 '22 00:12 benelsen

Ahhh I was trying in the browser and was actually hitting http://localhost:9995 rather than https://localhost:9995. Thanks for your quick response and sorry for the noise.

I don't suppose it's possible to redirect all HTTP requests to HTTPS?

onetonfoot avatar Dec 06 '22 02:12 onetonfoot

> I don't suppose it's possible to redirect all HTTP requests to HTTPS?

Off the top of my head, this wouldn't be too hard to support; probably not too hard to attempt if someone wants to give it a go.

quinnj avatar Dec 06 '22 17:12 quinnj

I could probably give it a crack

onetonfoot avatar Dec 07 '22 10:12 onetonfoot
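
The redirect asked about in the thread can be done in user code with a second, plain-HTTP listener. This is an added example, not code from the thread or from HTTP.jl itself; the port 9994, the names `https_location`, `redirect_handler` and `app_handler`, and the use of `HTTP.serve!` (HTTP.jl 1.x) are assumptions.

```julia
using HTTP, MbedTLS

# Assumptions for this sketch: the port numbers and the canonical host name.
const HTTPS_HOST = "localhost"  # the name the mkcert certificate was issued for
const HTTPS_PORT = 9995         # TLS listener, as in the thread
const HTTP_PORT  = 9994         # plain-HTTP listener that only redirects

# Build the Location from fixed values. Echoing the client's Host header or an
# absolute-form request target would let a request choose where clients are sent.
function https_location(target::AbstractString)
    path = startswith(target, "/") ? target : "/"
    return "https://$(HTTPS_HOST):$(HTTPS_PORT)$(path)"
end

# Plain-HTTP handler: never serves content, only points at the TLS origin.
redirect_handler(req::HTTP.Request) =
    HTTP.Response(301, ["Location" => https_location(req.target)])

# Application handler, served over TLS only.
app_handler(req::HTTP.Request) = HTTP.Response(200, "Hello")

function main()
    # Certificates generated with `mkcert localhost`, as in the thread.
    cert = joinpath(@__DIR__, "localhost.pem")
    key  = joinpath(@__DIR__, "localhost-key.pem")
    sslconfig = MbedTLS.SSLConfig(cert, key)

    # serve! returns immediately, so both listeners run in one process.
    tls   = HTTP.serve!(app_handler, "127.0.0.1", HTTPS_PORT; sslconfig = sslconfig)
    plain = HTTP.serve!(redirect_handler, "127.0.0.1", HTTP_PORT)
    try
        wait(tls)
    finally
        close(plain)
        close(tls)
    end
end

# Self-checks on the redirect target (constructed inputs).
@assert https_location("/a?b=1") == "https://localhost:9995/a?b=1"
@assert https_location("http://other.example/x") == "https://localhost:9995/"
@assert https_location("*") == "https://localhost:9995/"

abspath(PROGRAM_FILE) == @__FILE__ && main()
```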