crow icon indicating copy to clipboard operation
crow copied to clipboard

Published 20 hours ago verified publisher icon ipkn

Unable to reconnect to SSL enabled Crow server with a web browser

Open jjhoo opened this issue 7 years ago • 3 comments

When I start example_ssl (examples/ssl/example_ssl.cpp from git master), I can open https://localhost:18080/ with a web browser (firefox-esr 52.3, chromium 62.0.3202.89). If I wait for a while, crow http server seems to close the tcp connection. Then, reloading https://localhost:18080/ with a web browser does not work unless I restart either example_ssl or the web browser.

Chromium shows an error, "...ERROR:ssl_client_socket_impl.cc(1091)] handshake failed; returned -1, SSL error code 1, net_error -100"

wget seems to work without problems, wget -qO - --no-check-certificate https://localhost:18080/

g++ (Debian 6.3.0-18) 6.3.0 20170516 boost 1.62.0.1 libssl-dev 1.1.0f or libssl1.0-dev 1.0.2l

jjhoo avatar Dec 08 '17 09:12 jjhoo

I noticed that removing call ssl_context_.set_verify_mode(boost::asio::ssl::verify_peer) made a difference.

jjhoo avatar Dec 08 '17 10:12 jjhoo 

                auto & appref = app
                    .bindaddr ("0.0.0.0")
                    .port (4000)
                    .ssl_file ("server.crt", "server.key");
                
                appref.ssl_context_.set_verify_mode (boost::asio::ssl::verify_none);
                
                appref
                    .multithreaded ()
                    .run ();

The workaround isn't bad if you don't want to change the crow source itself. I don't need client cert verification, so I'm curious as to why it is enabled by default.

raphm avatar Feb 25 '18 19:02 raphm

Have you ever done the SSL test procedure for wss?

mengbieting avatar Jan 21 '19 01:01 mengbieting