Issue with TLS server #3
Description
Hi Eduard,
First of all, very impressive project you did almost 4 years for the quickjs and it blew my mind. very cool!
I tried to start the HTTPS server with it but I met some issue. Basically, after connected, it did not send the certificate on the server hello stage. Below is the log from the openssl testing client. Please shed some light on why it happened when you have time :-), thanks!
openssl s_client -connect 192.168.1.125:8083
CONNECTED(00000003)40D7C4B0317F0000:error:0A000126:SSL routines:ssl3_read_n:unexpected eof while reading:ssl/record/rec_layer_s3.c:304:
no peer certificate available
No client certificate CA names sent
SSL handshake has read 0 bytes and written 304 bytes
Verification: OKNew, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
Below is the log for jib with quickjs compiled and also DEBUG turned on. I also added some log for debugging.
00:17:05.405 LOG examples/servers.js:81: Server running at https://0.0.0.0:8083
00:17:08.153 LOG tls:35: [object Object] function unpoll() {
[native code]
}
00:17:08.162 LOG tls:52: net.recv 297 bytes.
Message type: 16, length: 292
HANDSHAKE MESSAGE
=> CLIENT HELLO
VERSION REQUIRED BY REMOTE 303, VERSION NOW 304
REMOTE SESSION ID: (32): 87 3B 00 FA F6 DF C9 3E 57 BF 47 26 4B 39 08 2C 75 24 EB 20 E2 DD 44 37 46 E6 1B FD 2E 20 6C FC
Extension: 0x0b (11), len: 4
SUPPORTED POINT FORMATS (4): 03 00 01 02
Extension: 0x0a (10), len: 22
SUPPORTED GROUPS (20): 00 1D 00 17 00 1E 00 19 00 18 01 00 01 01 01 02 01 03 01 04
SELECTED CURVE secp256r1
Extension: 0x023 (35), len: 0
Extension: 0x016 (22), len: 0
Extension: 0x017 (23), len: 0
Extension: 0x0d (13), len: 42
SUPPORTED SIGNATURES (42): 00 28 04 03 05 03 06 03 08 07 08 08 08 09 08 0A 08 0B 08 04 08 05 08 06 04 01 05 01 06 01 03 03 03 01 03 02 04 02 05 02 06 02
Extension: 0x02b (43), len: 9
SUPPORTED VERSIONS (9): 08 03 04 03 03 03 02 03 01
TLS 1.3 SUPPORTED
Extension: 0x02d (45), len: 2
EXTENSION, PSK KEY EXCHANGE MODES (2): 01 01
Extension: 0x033 (51), len: 38
EXTENSION, KEY SHARE (38): 00 24 00 1D 00 20 D9 CD FB FD 3D 1F 1A B2 66 8D 79 3B 1B 74 FD 4D EA 07 93 CD EC 17 7F 6F 05 94 85 55 17 89 7D 33
KEY SHARE => x25519
Initializing dependencies
x25519 KEY (32): F7 BC E3 60 C2 79 A1 13 C5 2C 34 DA FC 97 7D 36 D3 FB 7D 31 7A D8 2F E1 7E C0 8A FF 30 26 63 0F
=> DTLS COOKIE VERIFIED: 0 (291)
<= SENDING SERVER HELLO
EXTRACT (48): 7E E8 20 6F 55 70 02 3E 6D C7 51 9E B1 07 3B C4 E7 91 AD 37 B5 C3 82 AA 10 BA 18 E2 35 7E 71 69 71 F9 36 2F 2C 2F E2 A7 6B FD 78 DF EC 4E A9 B5
null hash (48): 38 B0 60 A7 51 AC 96 38 4C D9 32 7E B1 B1 E3 6A 21 FD B7 11 14 BE 07 43 4C 0C C7 BF 63 F6 E1 DA 27 4E DE BF E7 6F 65 FB D5 1A D2 F1 48 98 B9 5B
INFO (65): 00 30 0D 74 6C 73 31 33 20 64 65 72 69 76 65 64 30 38 B0 60 A7 51 AC 96 38 4C D9 32 7E B1 B1 E3 6A 21 FD B7 11 14 BE 07 43 4C 0C C7 BF 63 F6 E1 DA 27 4E DE BF E7 6F 65 FB D5 1A D2 F1 48 98 B9 5B
salt (48): 15 91 DA C5 CB BF 03 30 A4 A8 4D E9 C7 53 33 0E 92 D0 1F 0A 88 21 4B 44 64 97 2F D6 68 04 9E 93 E5 2F 2B 16 FA D9 22 FD C0 58 44 78 42 8F 28 2B
EXTRACT (48): C7 6E 46 B2 F3 F8 84 33 F5 82 8B 05 AD 9D 47 AE AA C9 0D 4E 62 A5 8B 40 CB 78 4B E3 DD F2 30 8F 82 CA FA 6D ED 54 5E D4 EC 1F B6 4D D0 2A 24 9D
messages hash (48): 47 15 CA BF 24 22 92 D9 46 01 9B D1 63 91 E1 CF BF 7C A6 D4 B9 A1 AD 76 4D 4C 93 61 0B 25 67 4C F9 13 E9 EA 5D CD 05 1E 55 E6 8C 17 E4 2F 32 62
INFO (70): 00 30 12 74 6C 73 31 33 20 73 20 68 73 20 74 72 61 66 66 69 63 30 47 15 CA BF 24 22 92 D9 46 01 9B D1 63 91 E1 CF BF 7C A6 D4 B9 A1 AD 76 4D 4C 93 61 0B 25 67 4C F9 13 E9 EA 5D CD 05 1E 55 E6 8C 17 E4 2F 32 62
s hs traffic (48): 42 03 44 01 E7 E3 3A 60 B4 FD AD 41 28 B6 E7 63 12 AD EF B2 88 44 7D 20 AC 1F 77 31 DE 35 9F D5 51 22 A1 C3 CE 5F 2A 17 E3 26 77 FA 4A 24 4B 7A
INFO (13): 00 20 09 74 6C 73 31 33 20 6B 65 79 00
INFO (12): 00 0C 08 74 6C 73 31 33 20 69 76 00
INFO (70): 00 30 12 74 6C 73 31 33 20 63 20 68 73 20 74 72 61 66 66 69 63 30 47 15 CA BF 24 22 92 D9 46 01 9B D1 63 91 E1 CF BF 7C A6 D4 B9 A1 AD 76 4D 4C 93 61 0B 25 67 4C F9 13 E9 EA 5D CD 05 1E 55 E6 8C 17 E4 2F 32 62
INFO (13): 00 20 09 74 6C 73 31 33 20 6B 65 79 00
INFO (12): 00 0C 08 74 6C 73 31 33 20 69 76 00
CLIENT KEY (32): CA 78 23 F3 2B 30 FF 17 BF 62 29 0D AC 17 59 1A 98 85 B7 88 32 B3 6D 11 79 06 74 64 EE E4 5A 09
CLIENT IV (12): 98 E2 34 55 FC B7 77 FD 6D 76 15 EF
SERVER KEY (32): 0B F7 3A C2 4B 52 C5 0C 4F E6 74 A7 A9 DF 14 E8 72 FD 2C F0 4E BE C7 3E A9 50 9A 84 22 82 36 B4
SERVER IV (12): 25 1D 9E 5D E8 14 22 F9 FE A2 79 E8
INFO (18): 00 30 0E 74 6C 73 31 33 20 66 69 6E 69 73 68 65 64 00
FINISHED (48): 1E FE F9 85 0C 74 EC 0C 18 3A F9 CA A3 ED 6F F5 34 52 14 A6 00 69 93 1E 8F 6F E5 4F F0 29 04 23 F2 21 11 48 1E 1A 90 3D A5 82 A9 30 30 A6 4C C2
INFO (18): 00 30 0E 74 6C 73 31 33 20 66 69 6E 69 73 68 65 64 00
REMOTE FINISHED (48): 81 E5 CA 28 11 47 4A E7 17 46 DC DB 48 95 AA BB E6 4C F8 CA 4D 8E 3A 1B 16 F5 04 FF CC 0B 8A D2 5F DB 76 D8 DE 2C C6 25 A0 B9 0D 26 2D 95 AD 42
Using cipher ID: 1302
<= SENDING ENCRYPTED EXTENSIONS
<= SENDING CERTIFICATE
<= SENDING CERTIFICATE VERIFY
verify data (146): 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 54 4C 53 20 31 2E 33 2C 20 73 65 72 76 65 72 20 43 65 72 74 69 66 69 63 61 74 65 56 65 72 69 66 79 00 05 BB C9 01 6A B9 EE 57 8A 25 23 2E 40 8D 98 6E 69 60 1E 89 E5 A9 1A 9B A8 A0 4F FE 58 FC DC 30 5C DC C8 57 83 51 8D 88 01 94 68 47 32 0B FE 3C
RSA signing OK! (length 256)
<= SENDING FINISHED
HS HASH (48): F6 4E FB 78 47 7E D2 58 2C 2F 6F 6F F8 4E 30 E2 E2 70 A7 FA 16 9B E2 33 B1 41 16 4E EA 1E 89 FD 16 EE 33 C0 47 C2 92 AA 0A D8 4D FB 77 CC B9 05
HS FINISH (48): 1E FE F9 85 0C 74 EC 0C 18 3A F9 CA A3 ED 6F F5 34 52 14 A6 00 69 93 1E 8F 6F E5 4F F0 29 04 23 F2 21 11 48 1E 1A 90 3D A5 82 A9 30 30 A6 4C C2
HS REMOTE FINISH (48): 81 E5 CA 28 11 47 4A E7 17 46 DC DB 48 95 AA BB E6 4C F8 CA 4D 8E 3A 1B 16 F5 04 FF CC 0B 8A D2 5F DB 76 D8 DE 2C C6 25 A0 B9 0D 26 2D 95 AD 42
VERIFY DATA (48): A4 15 F1 CE 10 C9 1E 46 C5 F4 29 63 6A 84 BE 7A 5D ED 03 5E B6 6F CB 3B F0 9B FC 0E 5D 64 C2 01 18 03 B4 E9 66 6A F6 7A CC 1E 43 61 02 AA 21 84
Consumed 297 bytes
00:17:08.174 LOG tls:59: before Date().getTime
00:17:08.174 LOG tls:61: 1698553028174
0 2 1-304
tls_established 0x7fde35771010
00:17:08.174 LOG tls:92: Not established? ...
0 2 1-304
tls_established 0x7fde35771010
00:17:20.154 FATAL examples/servers.js:0: TypeError: not a function
at (tls:42)
It seems that it stuck at the following lines of codes in src/misc/tlse.c
#ifdef WITH_TLS_13
if (context->connection_status == 3) {
context->connection_status = 2;
_private_tls_write_packet(tls_build_hello(context, 0));
_private_tls_write_packet(tls_build_change_cipher_spec(context));
_private_tls13_key(context, 1);
context->cipher_spec_set = 1;
DEBUG_PRINT("<= SENDING ENCRYPTED EXTENSIONS\n");
_private_tls_write_packet(tls_build_encrypted_extensions(context));
if (context->request_client_certificate) {
DEBUG_PRINT("<= SENDING CERTIFICATE REQUEST\n");
_private_tls_write_packet(tls_certificate_request(context));
}
DEBUG_PRINT("<= SENDING CERTIFICATE\n");
_private_tls_write_packet(tls_build_certificate(context));
DEBUG_PRINT("<= SENDING CERTIFICATE VERIFY\n");
_private_tls_write_packet(tls_build_certificate_verify(context));
DEBUG_PRINT("<= SENDING FINISHED\n");
_private_tls_write_packet(tls_build_finished(context));
// new key
TLS_FREE(context->server_finished_hash);
context->server_finished_hash = (unsigned char *)TLS_MALLOC(_private_tls_mac_length(context));
if (context->server_finished_hash)
_private_tls_get_hash(context, context->server_finished_hash);
break;
}
#endif
Cheers,