RCF-OpenSSL with JSON doesn't work on Debian 7

RCF support and general discussion.
Post Reply
VladimirD
Posts: 3
Joined: Sat Feb 01, 2014 6:55 pm

RCF-OpenSSL with JSON doesn't work on Debian 7

Post by VladimirD »

Hi Jarl,

I tried use JSON-RPC over HTTPS transport and it doesn't work.

1. Code of initializing RCF:

RCF::init();
RCF::enableLogging(RCF::LogToFile("rcf.log"), 4);
RCF::RcfServer rcfServer;
rcfServer.addEndpoint(RCF::HttpsEndpoint("0.0.0.0", json_port)).setRpcProtocol(RCF::Rp_JsonRpc);
rcfServer.setCertificate(RCF::CertificatePtr(new RCF::PemCertificate(jsonCert, "")));
rcfServer.bindJsonRpc(boost::bind(...
rcfServer.start();

2. the logs:


/home/v/src/RCF/tms/RCF-2.0.0.2685/src/RCF/RcfServer.cpp(390): RcfServer - starting service. [Args: typeid(*servicePtr).name()=N3RCF20ObjectFactoryServiceE, ]
/home/v/src/RCF/tms/RCF-2.0.0.2685/src/RCF/RcfServer.cpp(390): RcfServer - starting service. [Args: typeid(*servicePtr).name()=N3RCF19FileTransferServiceE, ]
/home/v/src/RCF/tms/RCF-2.0.0.2685/src/RCF/RcfServer.cpp(390): RcfServer - starting service. [Args: typeid(*servicePtr).name()=N3RCF22TcpAsioServerTransportE, ]
/home/v/src/RCF/tms/RCF-2.0.0.2685/src/RCF/RcfServer.cpp(390): RcfServer - starting service. [Args: typeid(*servicePtr).name()=N3RCF20HttpsServerTransportE, ]
/home/v/src/RCF/tms/RCF-2.0.0.2685/src/RCF/AsioServerTransport.cpp(556): AsioSessionState - onAccept(). [Args: error.value()=0, ]
/home/v/src/RCF/tms/RCF-2.0.0.2685/src/RCF/TcpAsioServerTransport.cpp(146): TcpAsioSessionState - calling async_accept().
/home/v/src/RCF/tms/RCF-2.0.0.2685/src/RCF/RcfServer.cpp(607): RcfServer - completed sending of response. [Args: this=0x94ed638, ]
/home/v/src/RCF/tms/RCF-2.0.0.2685/src/RCF/TcpAsioServerTransport.cpp(98): TcpAsioSessionState - calling async_read_some(). [Args: bufferLen=0, ]
/home/v/src/RCF/tms/RCF-2.0.0.2685/src/RCF/AsioServerTransport.cpp(391): AsioSessionState - read from socket completed. [Args: this=0x94d9d38, bytesTransferred=0, ]
/home/v/src/RCF/tms/RCF-2.0.0.2685/src/RCF/TcpAsioServerTransport.cpp(98): TcpAsioSessionState - calling async_read_some(). [Args: bufferLen=11, ]
/home/v/src/RCF/tms/RCF-2.0.0.2685/src/RCF/AsioServerTransport.cpp(391): AsioSessionState - read from socket completed. [Args: this=0x94d9d38, bytesTransferred=11, ]
/home/v/src/RCF/tms/RCF-2.0.0.2685/src/RCF/TcpAsioServerTransport.cpp(98): TcpAsioSessionState - calling async_read_some(). [Args: bufferLen=309, ]
/home/v/src/RCF/tms/RCF-2.0.0.2685/src/RCF/AsioServerTransport.cpp(391): AsioSessionState - read from socket completed. [Args: this=0x94d9d38, bytesTransferred=309, ]
/home/v/src/RCF/tms/RCF-2.0.0.2685/src/RCF/OpenSslEncryptionFilter.cpp(1004): RCF exception thrown. Error message: OpenSSL error: 3980385060:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher:s3_srvr.c:1355:

/home/v/src/RCF/tms/RCF-2.0.0.2685/src/RCF/AsioServerTransport.cpp(298): AsioSessionState - destructor. [Args: mState=3, mSessionPtr.get()=0x94ed638, mSessionPtr->mDisableIo=0, ]
/home/v/src/RCF/tms/RCF-2.0.0.2685/src/RCF/ThreadPool.cpp(594): Thread pool: std::exception caught at top level. [Args: e=[RCF: 124: OpenSSL error: 3980385060:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher:s3_srvr.c:1355:
], mThreadName=RCF Server, ]

3. this issue is on Debian 7 (wheezy) with default openssl 1.0.1. With older openssl it works fine.
Top
VladimirD
Posts: 3
Joined: Sat Feb 01, 2014 6:55 pm

Re: RCF-OpenSSL with JSON doesn't work on Debian 7

Post by VladimirD »

If RCF patched with static OpenSSL with patch from viewtopic.php?f=6&t=179 everything works good.
Top
iiakhilesh
Posts: 4
Joined: Mon Jan 20, 2014 5:27 am

Re: RCF-OpenSSL with JSON doesn't work on Debian 7

Post by iiakhilesh »

Hi VladimirD,

Can you please tell me the steps how did you generate your PemCertificates?
Top
acDev
Posts: 27
Joined: Tue Oct 08, 2013 3:08 pm
Location: Moscow
Contact:
Contact acDev

Re: RCF-OpenSSL with JSON doesn't work on Debian 7

Post by acDev »

VladimirD wrote:SSL3_GET_CLIENT_HELLO:no shared cipher
Probably what the cipher algorithm is no longer supported.
How to generate PEM-file ?
Top
VladimirD
Posts: 3
Joined: Sat Feb 01, 2014 6:55 pm

Re: RCF-OpenSSL with JSON doesn't work on Debian 7

Post by VladimirD »

Hi,

I generated PEM certificate with command:

Code: Select all

openssl req  -x509 -nodes -days 365 -newkey rsa:1024 -keyout mykey.pem -out mycert.pem
Probably what the cipher algorithm is no longer supported.
I don't think what problem with ciphers.
1. I tried explicitly define the same ciphers on client and server with no result.
2. The same eror even using localhost connection.
3. openssl s_server and openssl s_client wth this certificate works good (latest version of openssl).
4. RCF with older openssl library also works good
5. latest version of openssl linked staticaly with RCF works good.
6. latest version of openssl loaded dynamic by RCF has issue.
Top
Post Reply

Return to “Support - RCF”