2

We are using libwebsockets 1.3 in our ssl enabled web socket client program written in c, we are compiling on Centos 6.5 with openssl 1.0.1 installed, making a .so library which is later used in asterisk. The compilation goes fine but I'm getting this runtime error:

problem creating ssl context 336236705: error:140A90A1:lib(20):func(169):reason(161)

Going through libwebsockets code I spotted the part that is generating the error message (lib/ssl.c line 90):

/* basic openssl init */

SSL_library_init();

OpenSSL_add_all_algorithms();
SSL_load_error_strings();

openssl_websocket_private_data_index =
    SSL_get_ex_new_index(0, "libwebsockets", NULL, NULL, NULL);

/*
 * Firefox insists on SSLv23 not SSLv3
 * Konq disables SSLv2 by default now, SSLv23 works
 */

method = (SSL_METHOD *)SSLv23_server_method();

if (!method) {
    error = ERR_get_error();
    lwsl_err("problem creating ssl method %lu: %s\n", 
        error, ERR_error_string(error,
                      (char *)context->service_buffer));
    return 1;
}

context->ssl_ctx = SSL_CTX_new(method); /* create context */
if (!context->ssl_ctx) {
    error = ERR_get_error();
    lwsl_err("problem creating ssl context %lu: %s\n",
        error, ERR_error_string(error,
                      (char *)context->service_buffer));
    return 1;
}

Which according to examples I've seen on the web looks absolutely fine, I've been scratching my head, searching and trying everything for the past couple of days including reinstalling different versions of openssl, changing the code above, replacing SSLv23_server_method with other methods, etc... but can't get it to work, does anybody know where the problem might be?

Additional informaiton: Using ERR_print_errors_fp() I get:

3077879544:error:140A90A1:lib(20):func(169):reason(161):ssl_lib.c:1802:

part of our code that calls libwebsocket_create_context looks like this:

int opts = 0;

const char *interface = NULL;

int listen_port;

memset(&wsInfo, 0, sizeof wsInfo);

listen_port = CONTEXT_PORT_NO_LISTEN;

wsInfo.port = listen_port;
wsInfo.iface = interface;
wsInfo.protocols = protocols;
wsInfo.extensions = libwebsocket_get_internal_extensions();

wsInfo.gid = -1;
wsInfo.uid = -1;
wsInfo.options = opts;

wsContext = libwebsocket_create_context(&wsInfo);

The program is compiled into an .so library and the library is used in our modified version of asterisk (which itself uses openssl as far as I know).

4

4 回答 4

3

创建 ssl 上下文 336236705 的问题:错误:140A90A1:lib(20):func(169):reason(161)

这可能有帮助:

$ openssl errstr 0x140A90A1
error:140A90A1:SSL routines:SSL_CTX_new:library has no ciphers

“库没有密码”是库未初始化的确定标志。请参阅 OpenSSL 的关于在Library Initialization中初始化库的 wiki 页面。

由于 Asterisk 正在做一些非常聪明的事情,你应该检查它还在做什么。特别是,您应该确保它使用弱/受伤/损坏的协议和密码套件。可以在SSL/TLS 客户端中找到如何改进安全状况的示例。该示例确保 TLS 1.0 及更高版本,并使用“强”密码套件。

于 2014-12-29T04:56:17.670 回答
2

通过使用使用 boost asio 的库,我也遇到了这个错误。该库是针对 openssl-1.0 编译的,而我的二进制文件是针对 openssl-1.1 编译的。

将我的二进制文件切换为也使用 openssl-1.0 为我解决了这个问题。

于 2018-01-28T15:43:32.800 回答
1

问题是星号覆盖了所有openssl初始化函数,包括SSL_library_init()OpenSSL_add_all_algorithms()in main\libasteriskssl.c,并将它们替换为什么都不做的虚拟函数,而是定义了一个ast_ssl_init()执行所有初始化并在main()in中调用一次的函数main/asterisk.c,我的代码恰好在那个调用之前。

于 2014-12-25T09:30:51.690 回答
0

评论太长了,但是:

首先,让我们消除您的代码。在libwebsockets发行版中,test/test-server.c有一个使用 SSL 的测试服务器。那样有用吗?如果是这样,我猜这是您在代码中所做的事情(在这种情况下,我们将需要您的一些代码)。如果没有,我猜这是您的发行版。

接下来,让我们将该错误消息提供更多信息。您能否介绍ERR_print_errors_fp()打印 SSL 错误stderr或类似错误,并告诉我们它说的是什么?

于 2014-12-22T10:48:28.153 回答