I used visual studio 2019 and ran this against websocket_tls server . If I simply chan

also failed with gorilla server on win10: <div class="highlight highlight-source-s

fixed: <a class="commit-link" data-hovercard-type="commit" data-hovercard-url="https:

tls incompatible with winhttp about nbio HOT 7 CLOSED

acgreek commented on May 17, 2024

tls incompatible with winhttp

from nbio.

Comments (7)

acgreek commented on May 17, 2024

in tls/conn.go, after reading the handshake around line 1356, c.readRecord returns no data available.

With the other clients, this method returns data

from nbio.

acgreek commented on May 17, 2024

found the problem I think but I don't have a fix yet and I have to sign-off. If you look at the pcap, the client cipher comes in with the encrypted handshake data in the same packet. I believe your code isn't able to handle when the handle shake comes in with the encrypted data. With other clients the encrypted handshake data comes in, in a separate packet.

from nbio.

lesismal commented on May 17, 2024

I have built an exe and reproduced it, will debug it.

from nbio.

lesismal commented on May 17, 2024

also failed with gorilla server on win10:

set GOHOSTARCH=amd64
set GOHOSTOS=windows

go version go1.16 windows/amd64

package main

import (
	"fmt"
	"log"
	"net/http"

	"github.com/gorilla/websocket"
)

var upgrader = websocket.Upgrader{}

func echo(w http.ResponseWriter, r *http.Request) {
	c, err := upgrader.Upgrade(w, r, nil)
	if err != nil {
		log.Print("upgrade:", err)
		return
	}
	defer c.Close()
	for {
		mt, message, err := c.ReadMessage()
		if err != nil {
			log.Println("read:", err)
			break
		}
		err = c.WriteMessage(mt, message)
		if err != nil {
			log.Println("write:", err)
			break
		}
		fmt.Println("onEcho:", string(message))
	}
}

func main() {
	addr := "localhost:8888"
	mux := &http.ServeMux{}
	mux.HandleFunc("/ws", echo)
	server := http.Server{
		Addr:    addr,
		Handler: mux,
	}
	log.Println("running on:", addr)
	log.Fatalln(server.ListenAndServeTLS("server.crt", "server.key"))
}

when I debug, the tls handshake succeeded for golang, but got the dwError = 12175(ERROR_WINHTTP_SECURE_FAILURE) for c++.

what's your windows version?
did you get the same error 12175(ERROR_WINHTTP_SECURE_FAILURE)?

from nbio.

acgreek commented on May 17, 2024

I was testing with a letsencrypt server cert so the windows client accepted it. I figured out how to disable the server cert verification in the c++ client app

to disabled the server cert verification add

        DWORD dwSSLFlag;
	dwSSLFlag = SECURITY_FLAG_IGNORE_UNKNOWN_CA;
	dwSSLFlag |= SECURITY_FLAG_IGNORE_CERT_DATE_INVALID;
	dwSSLFlag |= SECURITY_FLAG_IGNORE_CERT_CN_INVALID;
	dwSSLFlag |= SECURITY_FLAG_IGNORE_CERT_WRONG_USAGE;

	WinHttpSetOption(hRequestHandle, WINHTTP_OPTION_SECURITY_FLAGS,
		&dwSSLFlag, sizeof(dwSSLFlag));

after hRequestHandle is initialized.

here is the complete code

// winhttpExample.cpp : This file contains the 'main' function. Program execution begins and ends there.
//
#pragma comment(lib, "winhttp")

#include <Windows.h>
#include <WinHttp.h>
#include <stdio.h>

int __cdecl wmain()
{
	DWORD dwError = ERROR_SUCCESS;
	BOOL fStatus = FALSE;
	HINTERNET hSessionHandle = NULL;
	HINTERNET hConnectionHandle = NULL;
	HINTERNET hRequestHandle = NULL;
	HINTERNET hWebSocketHandle = NULL;
	BYTE rgbCloseReasonBuffer[123];
	BYTE rgbBuffer[1024];
	BYTE* pbCurrentBufferPointer = rgbBuffer;
	DWORD dwBufferLength = ARRAYSIZE(rgbBuffer);
	DWORD dwBytesTransferred = 0;
	DWORD dwCloseReasonLength = 0;
	USHORT usStatus = 0;
	WINHTTP_WEB_SOCKET_BUFFER_TYPE eBufferType;
	INTERNET_PORT Port = 8888;
	const WCHAR* pcwszServerName = L"localhost";
	const WCHAR* pcwszPath = L"/ws";
	const WCHAR* pcwszMessage = L"Hello world";
	const DWORD cdwMessageLength = ARRAYSIZE(L"Hello world") * sizeof(WCHAR);

	wprintf(L"program started\n");
	//
	// Create session, connection and request handles.
	//
	hSessionHandle = WinHttpOpen(L"WebSocket sample",
		WINHTTP_ACCESS_TYPE_DEFAULT_PROXY,
		NULL,
		NULL,
		0);
	if (hSessionHandle == NULL)
	{
		dwError = GetLastError();
		goto quit;
	}
	wprintf(L"session handle constructed\n");

	WinHttpSetOption(hSessionHandle, WINHTTP_OPTION_CLIENT_CERT_CONTEXT, NULL, 0);
	hConnectionHandle = WinHttpConnect(hSessionHandle,
		pcwszServerName,
		Port,
		0);
	if (hConnectionHandle == NULL)
	{
		dwError = GetLastError();
		wprintf(L"connection failed %d\n", dwError);
		goto quit;
	}
	wprintf(L"connected\n");

	hRequestHandle = WinHttpOpenRequest(hConnectionHandle,
		L"GET",
		pcwszPath,
		NULL,
		NULL,
		NULL,
		WINHTTP_FLAG_SECURE);
		// 0);
	if (hRequestHandle == NULL)
	{
		dwError = GetLastError();
		goto quit;
	}
	DWORD dwSSLFlag;
	dwSSLFlag = SECURITY_FLAG_IGNORE_UNKNOWN_CA;
	dwSSLFlag |= SECURITY_FLAG_IGNORE_CERT_DATE_INVALID;
	dwSSLFlag |= SECURITY_FLAG_IGNORE_CERT_CN_INVALID;
	dwSSLFlag |= SECURITY_FLAG_IGNORE_CERT_WRONG_USAGE;

	WinHttpSetOption(hRequestHandle, WINHTTP_OPTION_SECURITY_FLAGS,
		&dwSSLFlag, sizeof(dwSSLFlag));

	wprintf(L"open request successs\n");
	//
	// Request protocol upgrade from http to websocket.
	//
#pragma prefast(suppress:6387, "WINHTTP_OPTION_UPGRADE_TO_WEB_SOCKET does not take any arguments.")
	fStatus = WinHttpSetOption(hRequestHandle,
		WINHTTP_OPTION_UPGRADE_TO_WEB_SOCKET,
		NULL,
		0);
	if (!fStatus)
	{
		dwError = GetLastError();
		goto quit;
	}

	//
	// Perform websocket handshake by sending a request and receiving server's response.
	// Application may specify additional headers if needed.
	//

	fStatus = WinHttpSendRequest(hRequestHandle,
		WINHTTP_NO_ADDITIONAL_HEADERS,
		0,
		NULL,
		0,
		0,
		0);
	if (!fStatus)
	{
		dwError = GetLastError();
		goto quit;
	}
	wprintf(L"upgraded \n");

	fStatus = WinHttpReceiveResponse(hRequestHandle, 0);
	if (!fStatus)
	{
		dwError = GetLastError();
		goto quit;
	}
	wprintf(L"receive response\n");

	//
	// Application should check what is the HTTP status code returned by the server and behave accordingly.
	// WinHttpWebSocketCompleteUpgrade will fail if the HTTP status code is different than 101.
	//

	hWebSocketHandle = WinHttpWebSocketCompleteUpgrade(hRequestHandle, NULL);
	if (hWebSocketHandle == NULL)
	{
		dwError = GetLastError();
		goto quit;
	}
	wprintf(L"upgrade complete\n");

	//
	// The request handle is not needed anymore. From now on we will use the websocket handle.
	//

	WinHttpCloseHandle(hRequestHandle);
	hRequestHandle = NULL;

	wprintf(L"Succesfully upgraded to websocket protocol\n");

	//
	// Send and receive data on the websocket protocol.
	//

	dwError = WinHttpWebSocketSend(hWebSocketHandle,
		WINHTTP_WEB_SOCKET_BINARY_MESSAGE_BUFFER_TYPE,
		(PVOID)pcwszMessage,
		cdwMessageLength);
	if (dwError != ERROR_SUCCESS)
	{
		goto quit;
	}

	wprintf(L"Sent message to the server: '%s'\n", pcwszMessage);

	do
	{
		if (dwBufferLength == 0)
		{
			dwError = ERROR_NOT_ENOUGH_MEMORY;
			goto quit;
		}

		dwError = WinHttpWebSocketReceive(hWebSocketHandle,
			pbCurrentBufferPointer,
			dwBufferLength,
			&dwBytesTransferred,
			&eBufferType);
		if (dwError != ERROR_SUCCESS)
		{
			goto quit;
		}

		//
		// If we receive just part of the message restart the receive operation.
		//

		pbCurrentBufferPointer += dwBytesTransferred;
		dwBufferLength -= dwBytesTransferred;
	} while (eBufferType == WINHTTP_WEB_SOCKET_BINARY_FRAGMENT_BUFFER_TYPE);

	//
	// We expected server just to echo single binary message.
	//

	if (eBufferType != WINHTTP_WEB_SOCKET_BINARY_MESSAGE_BUFFER_TYPE)
	{
		wprintf(L"Unexpected buffer type\n");
		dwError = ERROR_INVALID_PARAMETER;
		goto quit;
	}

	wprintf(L"Received message from the server: '%.*s'\n", dwBufferLength, (WCHAR*)rgbBuffer);

	//
	// Gracefully close the connection.
	//

	dwError = WinHttpWebSocketClose(hWebSocketHandle,
		WINHTTP_WEB_SOCKET_SUCCESS_CLOSE_STATUS,
		NULL,
		0);
	if (dwError != ERROR_SUCCESS)
	{
		goto quit;
	}

	//
	// Check close status returned by the server.
	//

	dwError = WinHttpWebSocketQueryCloseStatus(hWebSocketHandle,
		&usStatus,
		rgbCloseReasonBuffer,
		ARRAYSIZE(rgbCloseReasonBuffer),
		&dwCloseReasonLength);
	if (dwError != ERROR_SUCCESS)
	{
		goto quit;
	}

	wprintf(L"The server closed the connection with status code: '%d' and reason: '%.*S'\n",
		(int)usStatus,
		dwCloseReasonLength,
		rgbCloseReasonBuffer);

quit:

	if (hRequestHandle != NULL)
	{
		WinHttpCloseHandle(hRequestHandle);
		hRequestHandle = NULL;
	}

	if (hWebSocketHandle != NULL)
	{
		WinHttpCloseHandle(hWebSocketHandle);
		hWebSocketHandle = NULL;
	}

	if (hConnectionHandle != NULL)
	{
		WinHttpCloseHandle(hConnectionHandle);
		hConnectionHandle = NULL;
	}

	if (hSessionHandle != NULL)
	{
		WinHttpCloseHandle(hSessionHandle);
		hSessionHandle = NULL;
	}

	if (dwError != ERROR_SUCCESS)
	{
		wprintf(L"Application failed with error: %u\n", dwError);
		return -1;
	}

	return 0;
}

this client works with your gorrilla websocket example above with out error for me

from nbio.

lesismal commented on May 17, 2024

fixed: lesismal/llib@d120a1b

from nbio.

acgreek commented on May 17, 2024

thank you

from nbio.

tls incompatible with winhttp about nbio HOT 7 CLOSED

Comments (7)

Related Issues (20)

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent