Forum

Hello,

when I try to use hiawatha's https an error code SSL_ERROR_SSL returned. Could you help me to find the reason?
I use linux(kernel 2.6) and my openssl version is 0.9.8a. I generate the serverkey.pem file by the mkcert script and put it under the config directory, i.e. /usr/local/etc/hiawatha.
Here is my httpd.conf binding setting:

Binding {
        Port = 443
        UseSSL = yes 
}

I try to use "https://192.168.0.1" to visit the web page by IE6, IE7 and firefox. At this time the error message "SSL_ERROR_SSL" was printed by the web server and the connection is broken.
I checked the source code of hiawatha. The error code is retruned by function SSL_accept() which is from openssl lib.
Is there anything else I need config or I do something wrong?

-Kyle

# hiawatha -v
Hiawatha v5.5, SSL, cache

I assume you've included a "ServerKey = /usr/local/etc/hiawatha/serverkey.pem" in httpd.conf?

I see you're using Hiawatha 5.5. Version 5.7 is available. Can you try that one please? The SSL routine have been improved a little in the latest release.

Can you tell me what Linux distribution you are using? I've heard this problem before. There seems to be a problem in OpenSSL 0.9.8.

Thanks for your response.
Yes, I have a ServerKey = ... in my httpd.conf.
I want to use the Hiawatha webserver in my embeded linux system. I download and try the 5.7 version of hiawatha, the same error returned. As http works well in my system, I think maybe my embeded environment can't support openssl well.
If I find a solution, I'll let you know.

I found the reason for the failure : Libcrypto RAND utility requires either working /dev/random (which is not supported in HiveAP ) or a random seed. My box does not have /dev/random, so I change some code in “hiawatha.c”. These code will init a rand seed to libcrypto .
Now, it works all ok.
Thanks

Can you please share that extra code with me?

OK.

*** D:\hiawatha-5.7\hiawatha.c 2007-03-03 15:28:02.000000000 +-0800
--- Z:\websrv\hiawatha.c 2007-03-24 00:28:00.000000000 +-0800
***************
*** 75,84 ****
--- 75,87 ----
  
  volatile int received_signal = rs_NONE;
  char *hs_conlen      = "Content-Length: ";
  char *fb_filesystem  = "access denied via filesystem";
  char *fb_symlink     = "symlink not allowed";
  char *fb_accesslist  = "access denied via accesslist";
+ static const char rnd_seed[] = "string to make the random number generator think it has entropy";
  char *version_string = "Hiawatha v"VERSION
  
  
  #ifdef HAVE_SSL
  			", SSL"
  #endif
***************
*** 1097,1108 ****
--- 1100,1112 ----
  	signal(SIGCHLD, SIG_IGN);
  	signal(SIGTSTP, SIG_IGN);
  	signal(SIGABRT, SIG_IGN);
  	signal(SIGQUIT, SIG_IGN);
  	signal(SIGSEGV, SEGV_handler);
  
+       RAND_seed(rnd_seed, sizeof(rnd_seed));
  	config = default_config();
  	if (chdir(settings->config_dir) == -1) {
  		perror(settings->config_dir);
  		return EXIT_FAILURE;
  	} else if (settings->config_check) {
  		printf("Using %s\n", settings->config_dir);