https connection with cl-async #146

Open
fiddlerwoaroof opened this issue Apr 1, 2017 · 6 comments

@fiddlerwoaroof

fiddlerwoaroof commented Apr 1, 2017

I have issues connecting to certain SSL servers using cl-async; the code is here: http://paste.lisp.org/display/343066

Basically, this doesn't work: I don't get any output from the read callback.

(as-ssl:tcp-ssl-connect #1="api.ipify.org" 443
                        (lambda (a r)
                          a
                          (format t "~&GOT: ~s~%"
                                  (babel:octets-to-string r :encoding :iso-8859-1)))
                        :data (babel:string-to-octets
                               (format nil "GET / HTTP/1.1~c~%Host: ~a~0@*~c~%~0@*~c~%"
                                       #\return #1#)))

However, using cl+ssl directly does work:

(defun test-https-client (host &optional (port 443))
  (let* ((socket (usocket:socket-stream
                  (usocket:socket-connect host port
                                          :element-type '(unsigned-byte 8))))
         (https
          (flexi-streams:make-flexi-stream
            (cl+ssl:make-ssl-client-stream
             socket
             :hostname host
             :unwrap-stream-p t)
            :external-format :utf-8)))
    (unwind-protect (progn
                      (format https "GET / HTTP/1.0~c~%Host: ~a~0@*~c~%~0@*~c~%"
                              #\return host)
                      (force-output https)
                      (loop :for line = (read-line-crlf https nil)
                         :while line :do
                         (format t "HTTPS> ~a~%" line)))
      (close https))))
(test-https-client "api.ipify.org")

@fiddlerwoaroof
Author

I should mention that the cl-async code does work with other SSL sites, such as en.wikipedia.org

@fiddlerwoaroof
Author

It looks to me like this has to do with SNI being set up correctly; I ran across this while trying to debug orthecreedence/carrier#16

@fiddlerwoaroof
Author

I came up with a fix, although it's a hack: if I add the following lines just before https://github.com/orthecreedence/cl-async/blob/master/src/ssl/tcp.lisp#L337 , it works:

(cffi:with-foreign-string (host-f host)
  (cl+ssl::ssl-set-tlsext-host-name ssl host-f))

@mtstickney
Contributor

The attached patch adds the necessary definitions to make SNI work (use ssl-set-tlsext-host-name in place of the cl+ssl function in the previous comment). I haven't added anything to tcp-ssl-connect-new, because I wasn't sure if it needed a new option or extra checking (e.g. I'm not sure it's ok to set an IP address as an SNI host). Hopefully the patch just saves a little time and manual-reading.

@fiddlerwoaroof
Author

I think this one might be finished too?

@vaartis
Contributor

vaartis commented Feb 28, 2019

This still happens with some websites. While the OP site does work, e.g. https://safebooru.org (and most other sites that use the same old version of that engine) does not.
