examples icon indicating copy to clipboard operation
examples copied to clipboard
verified publisher icon actix

awc_https example is not working in windows 10 with gnu toolchain

Open Zhappa opened this issue 5 years ago • 5 comments

Sorry, I didn't get what do you mean. I need to configure something to make it work?

@Pzixel I was able to configure https requests by following awc_https example.

// src/main.rs

use actix_web::client::{Client, Connector};
use openssl::ssl::{SslConnector, SslMethod};

#[actix_rt::main]
async fn main() {
    let builder = SslConnector::builder(SslMethod::tls()).unwrap();

    let client = Client::build()
        .connector(Connector::new().ssl(builder.build()).finish())
        .finish();

    // Create request builder and send request
    let response = client
        .get("https://www.rust-lang.org") // <--- notice the "s" in "https://..."
        .header("User-Agent", "Actix-web")
        .send()
        .await; // <- Send http request

    println!("Response: {:?}", response);
}

Which returns

ClientResponse HTTP/1.1 200 OK
  headers:
    "strict-transport-security": "max-age=63072000"
    "x-amz-cf-id": "nQUn97FTnU4iEG8giZxGeePvVyqrzp8jYsPspK2OvhrtFEMLIrdYiw=="
    "x-cache": "Miss from cloudfront"
    "x-xss-protection": "1; mode=block"
    "x-content-type-options": "nosniff"
    "via": "1.1 vegur, 1.1 650962b00c259fe47c193b15b2fe4b88.cloudfront.net (CloudFront)"
    "x-amz-cf-pop": "VIE50-C1"
    "content-security-policy": "default-src 'self'; frame-ancestors 'self'; img-src 'self' avatars.githubusercontent.com; frame-src 'self' player.vimeo.com"
    "content-length": "19220"
    "referrer-policy": "no-referrer, strict-origin-when-cross-origin"
    "vary": "Accept-Encoding"
    "server": "Rocket"
    "content-type": "text/html; charset=utf-8"
    "date": "Tue, 02 Jun 2020 10:51:59 GMT"
    "connection": "keep-alive"
)

This is strange, but example never work on my machine, i always get something like:

Response on post: Err(
    Connect(
        Io(
            Custom {
                kind: Other,
                error: "the handshake failed: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:ssl\\statem\\statem_clnt.c:1915:: unable to get local issuer certificate",
            },
        ),
    ),
)

The only way to make it work is to disable verification completely (which is not a case to work with)

async fn index(_req: HttpRequest) -> HttpResponse {
    let mut builder = SslConnector::builder(SslMethod::tls()).unwrap();
    builder.set_verify(SslVerifyMode::NONE);

    let client = Client::build()
        .connector(Connector::new().ssl(builder.build()).finish())
        .finish();

    let now = std::time::Instant::now();
    let payload =
        client
        .get("https://upload.wikimedia.org/wikipedia/commons/f/ff/Pizigani_1367_Chart_10MB.jpg")
        .send()
        .await
        .unwrap()
        .body()
        .limit(20_000_000)  // sets max allowable payload size
        .await
        .unwrap();

Can anybody verify this example works out of the box on his machine? (https://github.com/actix/examples/blob/22c8eaae87775d3da53ea3a73067c1a228a3a3a4/awc_https/src/main.rs#L8-L12)

Also my "rustup show":

stable-x86_64-pc-windows-gnu (default)
rustc 1.43.1 (8d69840ab 2020-05-04)

I using windows 10 x64

Originally posted by @Zhappa in https://github.com/actix/actix-web/issues/1045#issuecomment-637788229

Zhappa avatar Jun 10 '20 20:06 Zhappa

Hi, @robjtede! https://github.com/actix/actix-web/issues/1045#issuecomment-637807016 - confirm this happens not only within my machine.

Can you please take a look? Thank you!

Zhappa avatar Jun 10 '20 20:06 Zhappa

Also, if this issue is caused by the missing of openssl binaries in windows (which, i believe, should be downloaded separately, from http://gnuwin32.sourceforge.net/packages/openssl.htm for instance), then this example is not really a cross-platform one. Maybe additional example using https://github.com/ctz/rustls and https://github.com/ctz/rustls-native-certs will help. Thanks!

Zhappa avatar Jun 10 '20 20:06 Zhappa

Related to: https://github.com/actix/actix-web/issues/1560

Pzixel avatar Jun 10 '20 21:06 Pzixel

I’m not able to test on Windows. Sorry.

robjtede avatar Jun 10 '20 21:06 robjtede

Hi, I had the same error on MacOS Catalina using certificates installed with mkcert:

stable-x86_64-apple-darwin (default)
rustc 1.47.0 (18bf6b4f0 2020-10-07)

actix-web = { version = "~3.1", features = ["openssl"] }
actix-cors = "~0.4"
openssl = { version = "~0.10" }

curl and firefox can connect successfully to the SSL enabled Actix server. However, openssl fails with a similar error when doing the following: openssl s_client -connect 127.0.0.1:8888 Errors: verify error:num=20:unable to get local issuer certificate Verify return code: 21 (unable to verify the first certificate)

I fixed openssl by using this command: openssl s_client -connect 127.0.0.1:8888 -CAfile ~/Library/Application\ Support/mkcert/rootCA.pem Response: Verify return code: 0 (ok)

So it looks like even though some other programs work, openssl itself doesn't see the file automatically.

I had to fix the code like this:

let mut builder = SslConnector::builder(SslMethod::tls()).unwrap();
builder
    .set_ca_file("rootCA.pem")
    .unwrap();

dev10 avatar Oct 14 '20 17:10 dev10