httpS server seems to not work in v1.14 #4831

Open
omerbrandis opened this issue Dec 27, 2024 · 9 comments
@omerbrandis
Contributor

Upgraded my existing application to use Poco 1.14 with OpenSSL 3.0.15.
When using Firefox to get a page from the server over SSL, it shows a "SSL_ERROR_RX_RECORD_TOO_LONG" error.
Chrome did not show an error msg, but was unable to render; it looks like it kept retrying to get the page.

When using Poco 1.13.3 the application works.

@micheleselea
Contributor

SSL_ERROR_RX_RECORD_TOO_LONG: this usually happens if you try to connect with https to a server that is http.
So probably your problem is that the creation of the SSL context used to create the SSL server socket is failing; check if the context is created correctly.
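
What a TLS record parser makes of plaintext bytes, as an added example that is not part of this thread or of Poco's code: it validates the 5-byte record header the way a receiver would, on constructed sample bytes. The function and enum names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Largest ciphertext record a TLS 1.2 peer may send: 2^14 + 2048 bytes
   (RFC 5246, section 6.2.3). TLS 1.3 lowers the limit to 2^14 + 256. */
#define TLS_MAX_CIPHERTEXT (16384u + 2048u)

enum rec_verdict { REC_OK, REC_SHORT, REC_BAD_TYPE, REC_BAD_VERSION, REC_TOO_LONG };

/* Length field of the 5-byte record header (bytes 3..4, big-endian). */
unsigned record_length_field(const uint8_t *hdr)
{
    return ((unsigned)hdr[3] << 8) | hdr[4];
}

/* Validate the record header at the start of buf, field by field:
   content type (1 byte), legacy version (2 bytes), length (2 bytes). */
enum rec_verdict check_record_header(const uint8_t *buf, size_t len)
{
    if (len < 5)
        return REC_SHORT;
    if (buf[0] < 20 || buf[0] > 23)      /* change_cipher_spec .. application_data */
        return REC_BAD_TYPE;
    if (buf[1] != 0x03 || buf[2] > 0x04) /* SSL 3.0 through the TLS 1.3 value */
        return REC_BAD_VERSION;
    if (record_length_field(buf) > TLS_MAX_CIPHERTEXT)
        return REC_TOO_LONG;
    return REC_OK;
}

/* Constructed samples: an application_data header announcing 256 bytes,
   and the first bytes of a plaintext HTTP response. */
static const uint8_t sample_tls[]   = { 0x17, 0x03, 0x03, 0x01, 0x00 };
static const uint8_t sample_plain[] = "HTTP/1.1 200 OK\r\n";

int main(void)
{
    printf("tls header:   verdict=%d length=%u\n",
           check_record_header(sample_tls, sizeof sample_tls),
           record_length_field(sample_tls));
    /* 'P' '/' = 0x50 0x2F, read as a length that exceeds the record limit */
    printf("plain header: verdict=%d length=%u\n",
           check_record_header(sample_plain, strlen((const char *)sample_plain)),
           record_length_field(sample_plain));
    return 0;
}
```

Running the same check over the first bytes a client receives (for example from a packet capture) shows whether the server is emitting framed TLS records or raw data on the connection.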

@matejk
Contributor

matejk commented Jan 14, 2025

@omerbrandis, does the comment from @micheleselea explain the failure that you reported?

@omerbrandis
Contributor Author

omerbrandis commented Jan 15, 2025

Hello matejk & micheleselea

As I've mentioned before, I did not change my code/configuration, only the linkage to v1.14.
There are no error messages.

  • I'm not really sure what micheleselea suggested I check
    (Poco::Net::HTTPServer::start returns void, the Poco::Net::SecureServerSocket was also created successfully, otherwise I would not have gotten to HTTPServer::start, and my Request Handlers are called)

  • I tried curl -k ...
    got: curl: (56) GnuTLS recv error (-15): An unexpected TLS packet was received.

:-)

@matejk
Contributor

matejk commented Jan 15, 2025

Thank you, @omerbrandis. Can you provide a sample code that demonstrates the problem?

@omerbrandis
Contributor Author

Hello Matejk,

I've tried to reproduce the error using simpler code. I've taken the example provided at https://pocoproject.org/ (made the changes required for serving over SSL); the error did not reproduce.

I've then taken the next step; it seems the error is in method HTTPServerResponse::sendFile.
It does not throw an exception, but it does not work as expected.
See attached.

main.txt

I'm not really sure how to debug this further....
:-)

@d3matt

d3matt commented Jan 16, 2025

I'm pretty sure it's the changes to HTTPServerResponseImpl.cpp in commit 710c2a4. I don't think you can use sendFile with a TLS connection. I reverted just that file and HTTPServerResponse::sendFile is working again as expected for me over a TLS connection.

@d3matt

d3matt commented Jan 16, 2025

FWIW: our index.html (1353 bytes) was able to get served correctly but our favicon.ico (3902 bytes) would trigger the record too long error.

@obiltschnig
Member

Hm, sendfile() definitely will not work with a TLS connection. That whole implementation needs to be redesigned to make it work.

@micheleselea
Contributor

Mmm, I don't get it. I usually use Poco::Net::HTTPServerResponse::sendFile() without problem; I don't think we need to use SocketImpl::sendFile() in an HTTPS server.
