Issue with TLS server
Hi Eduard,
First of all, very impressive project you did almost 4 years for the quickjs and it blew my mind. Very cool!
I tried to start the HTTPS server with it but I ran into an issue. Basically, after connecting, it did not send the certificate at the server hello stage. Below is the log from the openssl test client. Please shed some light on why it happened when you have time :-), thanks!
openssl s_client -connect 192.168.1.125:8083
CONNECTED(00000003)
40D7C4B0317F0000:error:0A000126:SSL routines:ssl3_read_n:unexpected eof while reading:ssl/record/rec_layer_s3.c:304:
no peer certificate available
No client certificate CA names sent
SSL handshake has read 0 bytes and written 304 bytes
Verification: OK
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
Below is the log for jib with quickjs compiled and also DEBUG turned on. I also added some log for debugging.
00:17:05.405 LOG examples/servers.js:81: Server running at https://0.0.0.0:8083
00:17:08.153 LOG tls:35: [object Object] function unpoll() { [native code] }
00:17:08.162 LOG tls:52: net.recv 297 bytes.
Message type: 16, length: 292
HANDSHAKE MESSAGE
=> CLIENT HELLO
VERSION REQUIRED BY REMOTE 303, VERSION NOW 304
Extension: 0x0b (11), len: 4
Extension: 0x0a (10), len: 22
SELECTED CURVE secp256r1
Extension: 0x023 (35), len: 0
Extension: 0x016 (22), len: 0
Extension: 0x017 (23), len: 0
Extension: 0x0d (13), len: 42
Extension: 0x02b (43), len: 9
TLS 1.3 SUPPORTED
Extension: 0x02d (45), len: 2
Extension: 0x033 (51), len: 38
KEY SHARE => x25519
Initializing dependencies
=> DTLS COOKIE VERIFIED: 0 (291)
<= SENDING SERVER HELLO
Using cipher ID: 1302
<= SENDING ENCRYPTED EXTENSIONS
<= SENDING CERTIFICATE
<= SENDING CERTIFICATE VERIFY
RSA signing OK! (length 256)
<= SENDING FINISHED
Consumed 297 bytes
00:17:08.174 LOG tls:59: before Date().getTime
00:17:08.174 LOG tls:61: 1698553028174 0 2 1-304 tls_established 0x7fde35771010
00:17:08.174 LOG tls:92: Not established? ... 0 2 1-304 tls_established 0x7fde35771010
00:17:20.154 FATAL examples/servers.js:0: TypeError: not a function
    at (tls:42)
It seems that it is stuck at the following lines of code in src/misc/tlse.c:
#ifdef WITH_TLS_13
if (context->connection_status == 3) {
    context->connection_status = 2;
    _private_tls_write_packet(tls_build_hello(context, 0));
    _private_tls_write_packet(tls_build_change_cipher_spec(context));
    _private_tls13_key(context, 1);
    context->cipher_spec_set = 1;
    DEBUG_PRINT("<= SENDING ENCRYPTED EXTENSIONS\n");
    _private_tls_write_packet(tls_build_encrypted_extensions(context));
    if (context->request_client_certificate) {
        DEBUG_PRINT("<= SENDING CERTIFICATE REQUEST\n");
        _private_tls_write_packet(tls_certificate_request(context));
    }
    DEBUG_PRINT("<= SENDING CERTIFICATE\n");
    _private_tls_write_packet(tls_build_certificate(context));
    DEBUG_PRINT("<= SENDING CERTIFICATE VERIFY\n");
    _private_tls_write_packet(tls_build_certificate_verify(context));
    DEBUG_PRINT("<= SENDING FINISHED\n");
    _private_tls_write_packet(tls_build_finished(context));
    // new key
    TLS_FREE(context->server_finished_hash);
    context->server_finished_hash = (unsigned char *)TLS_MALLOC(_private_tls_mac_length(context));
    if (context->server_finished_hash)
        _private_tls_get_hash(context, context->server_finished_hash);
    break;
}
#endif
Cheers,
The issue turned out to be the epoll on Ubuntu 22.04.
I have the following fix:
git diff src/doops.h
diff --git a/src/doops.h b/src/doops.h
index 06e3710..0fc7207 100644
--- a/src/doops.h
+++ b/src/doops.h
@@ -900,6 +900,7 @@ static void _private_sleep(struct doops_loop *loop, int sleep_val) {
else
#endif
loop->io_read(loop, events[i].data.fd);
+ loop->io_write(loop, events[i].data.fd);^M
}
}
}
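Review bot: The added `loop->io_write(loop, events[i].data.fd);` runs for every fd that epoll returns, directly after `io_read`, with no check of which readiness event was actually reported. Gate it on the event mask (for example `if (events[i].events & EPOLLOUT)`) so the write callback fires only when the socket is writable; as written, every read wakeup also drives the write path. Because the preceding `else` has no braces, the new statement sits outside it and executes whichever branch the conditional block above took, so confirm that is intended. Nothing visible in the hunk guards against `io_write` being unset, so a NULL check is worth adding if the callback is optional. The added line also ends in a stray `^M` (carriage return) that the surrounding lines do not have; strip it before committing.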
And now I can see the page but then it throws out the following exception on _stream_readable. Will look into it.
APPLICATION DATA MESSAGE (TLS VERSION: 304):
GET / HTTP/1.1
Host: 192.168.1.125:8083
Connection: keep-alive
Cache-Control: max-age=0
sec-ch-ua: "Chromium";v="118", "Google Chrome";v="118", "Not=A?Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en;q=0.9,en-US;q=0.8,zh-CN;q=0.7,zh;q=0.6,zh-TW;q=0.5
Consumed 739 bytes
20:46:59.745 LOG servers.js:37: 1 connections
20:46:59.861 FATAL servers.js:0: TypeError: value has no property
    at (stream_readable:273)
    at resume (_stream_readable:701)
    at (_stream_readable:694)