Overview
Features
Download
Documentation
Community
Add-Ons & Services

HTTPS with POCO

Please post support and help requests here.

HTTPS with POCO

Postby fgabbanini » 20 Aug 2012, 11:52

Hello,

I am trying to implement an HTTPS server using the POCO libraries. I have written an example based on the HTTPTimeServer example that comes with the POCO source code.
I am using POCO 1.4.3p1 (complete edition), including compiled on a Windows 7 machine using Visual Studio 2008. I also set up OpenSSL.

Basically, in my example, SSL is initialized, a SecureServerSocket is instantiated on port 10444 and an HTTPServer is started using the SecureServerSocket.
I use keep alive with a keep alive timeout set to 5 seconds.

The example is attached as a zip file containing c++ code.

The problem I have is the following:
- I use Firefox 14.0.1 to connect to https://localhost:10444;
- the server responds correctly to the first request;
- as soon as the keep alive timeout elapses the server stops responding (the error message given by Firefox is: "The connection to the server was reset while the page was loading") and it is impossible to connect to the server again.

Browsing the source code of the HTTPServerConnection::run method in debug mode, I could see that after the keep alive timeout elapses the application is no longer able to initialize a HTTPServerRequestImpl object (see call to HTTPServerRequestImpl request(response, session, _pParams);) and an exception is thrown with an error code of HTTPResponse::HTTP_BAD_REQUEST.

What am I doing wrong?

Thanks in advance for the support.

Francesco.
Attachments
HTTPSServer.zip
HTTPS example source code
(1.56 KiB) Downloaded 74 times
fgabbanini
 
Posts: 1
Joined: 20 Aug 2012, 11:29

Re: HTTPS with POCO

Postby guenter » 22 Aug 2012, 19:48

This issue is related to SSL/TLS session caching and seems to be a result of the combination of a newer OpenSSL version and persistent connections with current Firefox. I did not observe this behavior with Chrome or Safari. To fix this, either set a session cache context or disable stateless session resumption in the Context:

Code: Select all
class SSLInit {
public:
   static void init() {
      Poco::Path mycert( Poco::Util::ServerApplication::instance().config().getString("application.configDir") );
      mycert.append("any.pem");
      Poco::SharedPtr<PrivateKeyPassphraseHandler> pConsoleHandler = new KeyConsoleHandler(true);
      Poco::SharedPtr<InvalidCertificateHandler> pCertHandler = new AcceptCertificateHandler(true);
      Context::Ptr pContext = new Context(Context::SERVER_USE, mycert.toString(), mycert.toString(), "", Context::VERIFY_RELAXED, 9, false, "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
      //pContext->disableStatelessSessionResumption();
      pContext->enableSessionCache(true, "MyApp");
      SSLManager::instance().initializeServer(pConsoleHandler, pCertHandler, pContext);
   }
};
guenter
 
Posts: 1157
Joined: 11 Jul 2006, 16:27
Location: Austria


Return to Support

Who is online

Users browsing this forum: No registered users and 1 guest

cron