[noPoll] NoPoll PSK help
Chris Buchter
buchtcj en gmail.com
Jue Feb 4 22:08:50 CET 2016
Hi Everyone,
I need help to get my nopoll wss server to accept PSK connections with
OpenSSL. Is this supported? I had it working with certificates but I need
both. Any help would be fantastic, I've been stuck on this for hours..
Client hangs on call to nopoll_conn_wait_until_connection_ready until it
times out.
This is how I was trying it (note: some irrelevant functions missing) :
server.c
guint psk_server_cb(SSL *ssl, const gchar *identity, guchar *psk, guint
max_psk_len)
{
guint8 psk2[16] =
{0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F,0x10};
printf("Identity: %s, Max Length: %d\n", identity, max_psk_len);
memcpy(psk, psk2, 16);
return 16;
}
void initialize_ssl()
{
printf("Entering %s\n", __FUNCTION__);
const SSL_METHOD *method;
SSL_library_init();
SSL_load_error_strings();
OpenSSL_add_all_algorithms();
method = TLSv1_server_method();
openssl_ctx = SSL_CTX_new(method);
SSL_CTX_set_psk_server_callback(openssl_ctx, psk_server_cb);
SSL_CTX_use_psk_identity_hint(openssl_ctx, NULL);
SSL_CTX_set_verify(openssl_ctx,
SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT|SSL_VERIFY_CLIENT_ONCE,
cert_server_cb);
SSL_CTX_use_certificate_file(openssl_ctx, CERTFILE, SSL_FILETYPE_PEM);
SSL_CTX_use_PrivateKey_file(openssl_ctx, KEYFILE, SSL_FILETYPE_PEM);
if(SSL_CTX_set_cipher_list(openssl_ctx, CIPHERS) == 0)
{
printf("Fail to select ciphers\n");
exit(1);
}
if(openssl_ctx == NULL)
{
printf("CTX Error\n");
exit(1);
}
printf("Exiting %s\n", __FUNCTION__);
return;
}
SSL_CTX * ip_control_ssl_ctx_creator (noPollCtx * ctx, noPollConn * conn,
noPollConnOpts * opts, nopoll_bool is_client, noPollPtr user_data)
{
printf("Entering %s\n", __FUNCTION__);
// Initialize OPENSSL SSL_CTX
initialize_ssl();
return openssl_ctx;
}
nopoll_bool onReady(noPollCtx * ctx, noPollConn * conn, noPollPtr
user_data)
{
printf("Ready\n");
return nopoll_true;
}
gint main(gint argc, const gchar *argv[])
{
// Declaration of noPoll objects
noPollCtx *ctx;
noPollConn *conn;
noPollConnOpts *opts;
NOPOLL_SOCKET sockfd;
struct sockaddr_in server;
// Initialize noPollCtx
ctx = nopoll_ctx_new();
// Initialize noPollConnOpts
opts = nopoll_conn_opts_new();
// Set ssl creator
nopoll_ctx_set_ssl_context_creator(ctx,
(noPollSslContextCreator)ip_control_ssl_ctx_creator, NULL);
// Add cert to opts
if(!nopoll_conn_opts_set_ssl_certs(opts, CERTFILE, KEYFILE, NULL, NULL))
{
printf("Error loading certificate / key\n");
return 1;
}
// Set ssl protocol
nopoll_conn_opts_set_ssl_protocol (opts, NOPOLL_METHOD_TLSV1);
// Set up listener
printf("Starting listener on port %s:\n", PORT);
noPollConn * listener = nopoll_listener_tls_new_opts (ctx, opts, "0.0.0.0",
PORT);
if (! nopoll_conn_is_ok (listener)) {
printf("Unsuccessful listener\n");
return 1;
}
nopoll_log_enable(ctx, nopoll_true);
// Set onReady function
nopoll_ctx_set_on_ready(ctx, onReady, NULL);
// Set onMessage function
nopoll_ctx_set_on_msg(ctx, onMessage, NULL);
// Set loop
nopoll_loop_wait(ctx, 0);
// Unreference noPoll objects
nopoll_conn_opts_unref(opts);
nopoll_ctx_unref(ctx);
return 0;
}
client:
guint psk_client_cb(SSL *ssl, const gchar *hint, gchar *identity, guint
max_identity_len, guint8 *psk, guint max_psk_len)
{
printf("psk_client_cb\n");
guint8 psk2[16] =
{0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F,0x10};
strcpy(identity, "CHRIS\0");
printf("Identity: %s, Max Length: %d\n", identity, max_psk_len);
memcpy(psk, psk2, 16);
return 16;
}
void initialize_ssl()
{
gint i;
guint8 md[32];
guint n;
printf("Entering %s\n", __FUNCTION__);
const SSL_METHOD *method;
SSL_library_init();
SSL_load_error_strings();
OpenSSL_add_all_algorithms();
method = TLSv1_client_method();
openssl_ctx = SSL_CTX_new(method);
SSL_CTX_set_verify(openssl_ctx,
SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT, cert_client_cb);
SSL_CTX_set_psk_client_callback(openssl_ctx, psk_client_cb);
SSL_CTX_use_certificate_file(openssl_ctx, CERTFILE, SSL_FILETYPE_PEM);
SSL_CTX_use_PrivateKey_file(openssl_ctx, KEYFILE, SSL_FILETYPE_PEM);
if(SSL_CTX_set_cipher_list(openssl_ctx, CIPHERS) == 0)
{
printf("Fail to select ciphers\n");
exit(1);
}
if(openssl_ctx == NULL)
{
printf("CTX Error\n");
exit(1);
}
printf("Exiting %s\n", __FUNCTION__);
return;
}
SSL_CTX * ip_control_ssl_ctx_creator (noPollCtx * ctx, noPollConn * conn,
noPollConnOpts * opts, nopoll_bool is_client, noPollPtr user_data)
{
printf("Entering %s\n", __FUNCTION__);
return openssl_ctx;
}
int main(int argc, const char *argv[])
{
// Declaration of noPoll objects
noPollCtx *ctx;
noPollConn *conn;
noPollConnOpts *opts;
CIPHERS = "PSK-AES128-GCM-SHA256:PSK-AES128-CBC-SHA";
// Initialize OPENSSL SSL_CTX
initialize_ssl();
// Initialize noPollCtx
ctx = nopoll_ctx_new();
// Initialize noPollConnOpts
opts = nopoll_conn_opts_new();
// Set onMessage function
nopoll_ctx_set_on_msg(ctx, onMessage, NULL);
// Set ssl creator
nopoll_ctx_set_ssl_context_creator(ctx,
(noPollSslContextCreator)ip_control_ssl_ctx_creator, NULL);
nopoll_log_enable(ctx, nopoll_true);
// Connect to server & send message
conn = nopoll_conn_tls_new(ctx, opts, "0.0.0.0", PORT, NULL, NULL, NULL,
NULL);
if(!nopoll_conn_is_ok(conn))
{
printf("Error connecting\n");
return 1;
}
if(!nopoll_conn_wait_until_connection_ready(conn,100000))
{
printf("Timeout occured\n");
return 1;
}
// Send message
if(nopoll_conn_send_text(conn, "Hello There!", 12) != 12)
{
printf("Write error\n");
return 1;
}
// Set wait for response
nopoll_loop_wait(ctx, 5);
// Unreference noPoll objects
json_decref(root);
nopoll_conn_opts_unref(opts);
nopoll_ctx_unref(ctx);
return 0;
}
OUTPUT FROM SERVER:
Starting listener on port 8091:
(proc 4000): (debug)nopoll_conn.c:3823 Calling to accept web socket
connection over master id=2, socket=3
(proc 4000): (debug)nopoll_ctx.c:257 registered connection id 3, role: 2
(proc 4000): (debug)nopoll_listener.c:410 Listener created, started:
127.0.0.1:35813 (socket: 4)
(proc 4000): (debug)nopoll_conn.c:1602 Releasing connection id 3 reference,
current ref count status is: 1
(proc 4000): (debug)nopoll_conn.c:3867 Accepted new WebSocket conn-id=3,
socket=4, over master id=2, socket=3
(proc 4000): (debug)nopoll_conn.c:3921 Connection received and accepted
from 0.0.0.0:8091 (conn refs: 2, ctx refs: 3)
(proc 4000): (debug)nopoll_conn.c:3932 Starting TLS process,
options=0xa7a0f0, listener=0xa7a590
Entering ip_control_ssl_ctx_creator
Entering initialize_ssl
Exiting initialize_ssl
(proc 4000): (debug)nopoll_conn.c:4004 Using certificate file: ./cert.pem
(with ssl context ref: 0xa97580)
(proc 4000): (debug)nopoll_conn.c:4023 Using certificate key: ./key.pem
(proc 4000): (debug)nopoll_conn.c:4084 Prepared TLS session to be activated
on next reads (conn id 3)
(proc 4000): (debug)nopoll_conn.c:2518 === START: conn-id=3 (errno=2,
session: 4, conn->handshake_ok: 0, conn->pending_ssl_accept: 1) ===
(proc 4000): (debug)nopoll_conn.c:2523 Received connect over a connection
(id 3) with TLS handshake pending to be finished, processing..
(proc 4000): (warning)nopoll_conn.c:2531 accept function have failed (for
listener side) ssl_error=2 : dumping error stack..
(proc 4000): (warning)nopoll_conn.c:2536 still not prepared to continue
because read wanted conn-id=3 (0xa7a8e0, session 4)
(proc 4000): (debug)nopoll_conn.c:2518 === START: conn-id=3 (errno=11,
session: 4, conn->handshake_ok: 0, conn->pending_ssl_accept: 1) ===
(proc 4000): (debug)nopoll_conn.c:2523 Received connect over a connection
(id 3) with TLS handshake pending to be finished, processing..
Identity: CHRIS, Max Length: 516
(proc 4000): (debug)nopoll_conn.c:2560 Completed TLS operation from
127.0.0.1:35813 (conn id 3, ssl veriry result: 0)
(proc 4000): (debug)nopoll_conn.c:2518 === START: conn-id=3 (errno=11,
session: 4, conn->handshake_ok: 0, conn->pending_ssl_accept: 0) ===
(proc 4000): (debug)nopoll_conn.c:2592 Connection id 3 handshake is not
complete, running..
(proc 4000): (debug)nopoll_conn.c:2416 Checking to complete conn-id=3
WebSocket handshake, role 2
(proc 4000): (critical) nopoll_conn.c:385 SSL socket closed on SSL_read
(res=0, ssl_err=5, errno=0)
(proc 4000): (critical) nopoll_conn.c:347 noPoll id=3, socket: 4 (after
testing errno: 0)
(proc 4000): (critical) nopoll_conn.c:2429 Unexpected connection close
during handshake..closing connection
(proc 4000): (debug)nopoll_conn.c:1436 shutting down connection id=3
(session: 4, role: listener)
(proc 4000): (debug)nopoll_conn.c:1602 Releasing connection id 3 reference,
current ref count status is: 0
(proc 4000): (debug)nopoll_conn.c:1617 Released context refs, now: 3
OUTPUT FROM CLIENT:
(proc 4001): (debug)nopoll_conn.c:2436 No more data available on connection
id 2
(proc 4001): (debug)nopoll_conn.c:2416 Checking to complete conn-id=2
WebSocket handshake, role 1
(proc 4001): (debug)nopoll_conn.c:2436 No more data available on connection
id 2
(proc 4001): (debug)nopoll_conn.c:2416 Checking to complete conn-id=2
WebSocket handshake, role 1
(proc 4001): (debug)nopoll_conn.c:2436 No more data available on connection
id 2
(proc 4001): (debug)nopoll_conn.c:2416 Checking to complete conn-id=2
WebSocket handshake, role 1
(proc 4001): (debug)nopoll_conn.c:2436 No more data available on connection
id 2
(proc 4001): (debug)nopoll_conn.c:2416 Checking to complete conn-id=2
WebSocket handshake, role 1
(proc 4001): (debug)nopoll_conn.c:2436 No more data available on connection
id 2
(proc 4001): (debug)nopoll_conn.c:2416 Checking to complete conn-id=2
WebSocket handshake, role 1
(proc 4001): (debug)nopoll_conn.c:2436 No more data available on connection
id 2
(proc 4001): (debug)nopoll_conn.c:2416 Checking to complete conn-id=2
WebSocket handshake, role 1
(proc 4001): (debug)nopoll_conn.c:2436 No more data available on connection
id 2
(proc 4001): (debug)nopoll_conn.c:2416 Checking to complete conn-id=2
WebSocket handshake, role 1
(proc 4001): (debug)nopoll_conn.c:2436 No more data available on connection
id 2
(proc 4001): (debug)nopoll_conn.c:2416 Checking to complete conn-id=2
WebSocket handshake, role 1
(proc 4001): (debug)nopoll_conn.c:2436 No more data available on connection
id 2
(proc 4001): (debug)nopoll_conn.c:2416 Checking to complete conn-id=2
WebSocket handshake, role 1
(proc 4001): (debug)nopoll_conn.c:2436 No more data available on connection
id 2
(proc 4001): (debug)nopoll_conn.c:2416 Checking to complete conn-id=2
WebSocket handshake, role 1
(proc 4001): (debug)nopoll_conn.c:2436 No more data available on connection
id 2
(proc 4001): (debug)nopoll_conn.c:2416 Checking to complete conn-id=2
WebSocket handshake, role 1
(proc 4001): (debug)nopoll_conn.c:2436 No more data available on connection
id 2
(proc 4001): (debug)nopoll_conn.c:2416 Checking to complete conn-id=2
WebSocket handshake, role 1
(proc 4001): (debug)nopoll_conn.c:2436 No more data available on connection
id 2
(proc 4001): (debug)nopoll_conn.c:2416 Checking to complete conn-id=2
WebSocket handshake, role 1
(proc 4001): (debug)nopoll_conn.c:2436 No more data available on connection
id 2
(proc 4001): (debug)nopoll_conn.c:2416 Checking to complete conn-id=2
WebSocket handshake, role 1
(proc 4001): (debug)nopoll_conn.c:2436 No more data available on connection
id 2
(proc 4001): (debug)nopoll_conn.c:2416 Checking to complete conn-id=2
WebSocket handshake, role 1
(proc 4001): (debug)nopoll_conn.c:2436 No more data available on connection
id 2
(proc 4001): (debug)nopoll_conn.c:2416 Checking to complete conn-id=2
WebSocket handshake, role 1
(proc 4001): (debug)nopoll_conn.c:2436 No more data available on connection
id 2
(proc 4001): (debug)nopoll_conn.c:2416 Checking to complete conn-id=2
WebSocket handshake, role 1
(proc 4001): (debug)nopoll_conn.c:2436 No more data available on connection
id 2
------------ próxima parte ------------
Se ha borrado un adjunto en formato HTML...
URL: <http://lists.aspl.es/pipermail/nopoll/attachments/20160204/f8347ac5/attachment-0001.html>
Más información sobre la lista de distribución noPoll