I'm using an SSL certificate from cacert.org.
Webui seems fine when listening to http. But configured for https it is mostly broken. Every now and then I can browse using https after a restart of WEBUI, but usually it just hangs.
HTTP-only config:
$sea /mat=nor civetweb.conf #
listening_ports 80
document_root /civetweb$root/htdocs
url_rewrite_patterns /api/**=/civetweb$root/htdocs/api/api.lua
error_log_file /civetweb$root/logs/civetweb_errors.log
access_log_file /civetweb$root/logs/access.log
But when configured for https, I have problems.
As long as I do not browse to https (stay on http), WEBUI performs fine.
My civetweb.conf with https:
$sea /mat=nor civetweb.conf;-1 #
listening_ports 80,443s
ssl_ca_path /civetweb$root/resources/ca/
ssl_certificate /civetweb$root/resources/cert/server.pem
document_root /civetweb$root/htdocs
url_rewrite_patterns /api/**=/civetweb$root/htdocs/api/api.lua
error_log_file /civetweb$root/logs/civetweb_errors.log
access_log_file /civetweb$root/logs/access.log
ssl_protocol_version 2
logs/pthread_dump.log 1977/2705 73%
%DECthreads bugcheck (version V3.23-001), terminating execution.
%Reason: lckMcsLock: deadlock detected, cell = 0x261b280
%Running on OpenVMS V9.2 on Red Hat KVM, 7660Mb; 4 CPUs
% The bugcheck occurred at 03-OCT-2022 11:47:23.07, running image
% EAGLE$DKA100:[SYS0.SYSCOMMON.civetweb.][bin]civetweb.exe;1 in process
% 421 (named "CIVETWEB"), under username "SYSTEM". AST delivery is enabled for
% all modes; ASTs are active in user. Upcalls are disabled. Multiple kernel
% threads are disabled.
% The current thread sequence number is 3, at 0x261b280
% Current thread traceback:
logs/CIVETWEB_EAGLE.LOG 1279/135K 0%
$ Set NoOn
$ VERIFY = F$VERIFY(F$TRNLNM("SYLOGIN_VERIFY"))
Loading config file /civetweb$root/conf/civetweb.conf
Reading service details from /civetweb$root/conf/services.conf
Reading thread details from /civetweb$root/conf/threads.conf
3-OCT-2022 11:47:22.34: SL_CLI-I-ALRTINIT, Alert images loading:
SQL: opcom ok, intru ok, device ok, purge ok, term ok, init ok
%DECthreads bugcheck (version V3.23-001), terminating execution.
% Reason: lckMcsLock: deadlock detected, cell = 0x261b280
% Running on OpenVMS V9.2() on Red Hat KVM, 7660Mb; 4 CPUs, pid 1057
% The bugcheck occurred at 03-OCT-2022 11:47:23.07, running image
% EAGLE$DKA100:[SYS0.SYSCOMMON.civetweb.][bin]civetweb.exe;1 in process
% 421 (named "CIVETWEB"), under username "SYSTEM". AST delivery is enabled for
% all modes; ASTs are active in user. Upcalls are disabled. Multiple kernel
% threads are disabled.
% The current thread sequence number is 3, at 0x261b280
% Current thread traceback:
Below: the first nmap kills civet, the second nmap shows https being broken. (I ran these commands in close succession.)
[david@fauci ~]$ nmap --script ssl-enum-ciphers -p 443 eagle
Starting Nmap 7.70 ( https://nmap.org ) at 2022-10-03 13:17 EDT
Nmap scan report for eagle (192.168.1.69)
Host is up (0.00035s latency).
PORT STATE SERVICE
443/tcp open https
| ssl-enum-ciphers:
| TLSv1.2:
| ciphers:
| TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (ecdh_x25519) - A
| compressors:
|
| cipher preference: indeterminate
| cipher preference error: Too few ciphers supported
|_ least strength: A
Nmap done: 1 IP address (1 host up) scanned in 28.52 seconds
[david@fauci ~]$ nmap --script ssl-enum-ciphers -p 443 eagle
Starting Nmap 7.70 ( https://nmap.org ) at 2022-10-03 13:18 EDT
Nmap scan report for eagle (192.168.1.69)
Host is up (0.00050s latency).
PORT STATE SERVICE
443/tcp open https
Nmap done: 1 IP address (1 host up) scanned in 30.78 seconds
[david@fauci ~]$
$ ty [-.logs]civetweb_errors.log
[1664817414] [error] [client 192.168.1.34] sslize error: error:1420918C:SSL routines:tls_early_post_process_client_hello:version too low
[1664817414] [error] [client 192.168.1.34] sslize error: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol
[1664817415] [error] [client 192.168.1.34] sslize error: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol
[1664817415] [error] [client 192.168.1.34] sslize error: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher
[1664817415] [error] [client 192.168.1.34] sslize error: error:1420918C:SSL routines:tls_early_post_process_client_hello:version too low
[1664817415] [error] [client 192.168.1.34] sslize error: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol
[1664817415] [error] [client 192.168.1.34] sslize error: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol
[1664817415] [error] [client 192.168.1.34] sslize error: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher
[1664817416] [error] [client 192.168.1.34] sslize error: error:1420918C:SSL routines:tls_early_post_process_client_hello:version too low
[1664817416] [error] [client 192.168.1.34] sslize error: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol
[1664817416] [error] [client 192.168.1.34] sslize error: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol
[1664817416] [error] [client 192.168.1.34] SSL syscall error 0
CIVETWEB_EAGLE.LOG
$ Set NoOn
$ VERIFY = F$VERIFY(F$TRNLNM("SYLOGIN_VERIFY"))
Loading config file /civetweb$root/conf/civetweb.conf
Reading service details from /civetweb$root/conf/services.conf
Reading thread details from /civetweb$root/conf/threads.conf
3-OCT-2022 11:47:22.34: SL_CLI-I-ALRTINIT, Alert images loading:
SQL: opcom ok, intru ok, device ok, purge ok, term ok, init ok
%DECthreads bugcheck (version V3.23-001), terminating execution.
% Reason: lckMcsLock: deadlock detected, cell = 0x261b280
% Running on OpenVMS V9.2() on Red Hat KVM, 7660Mb; 4 CPUs, pid 1057
% The bugcheck occurred at 03-OCT-2022 11:47:23.07, running image
% EAGLE$DKA100:[SYS0.SYSCOMMON.civetweb.][bin]civetweb.exe;1 in process
% 421 (named "CIVETWEB"), under username "SYSTEM". AST delivery is enabled for
% all modes; ASTs are active in user. Upcalls are disabled. Multiple kernel
% threads are disabled.
% The current thread sequence number is 3, at 0x261b280
% Current thread traceback:
% 0: PC 0x7a785b6, SP 0x2617510, ICTX 0x2617510
pthread_dump.log 1977/2705 73%
%DECthreads bugcheck (version V3.23-001), terminating execution.
%Reason: lckMcsLock: deadlock detected, cell = 0x261b280
%Running on OpenVMS V9.2 on Red Hat KVM, 7660Mb; 4 CPUs
% The bugcheck occurred at 03-OCT-2022 11:47:23.07, running image
% EAGLE$DKA100:[SYS0.SYSCOMMON.civetweb.][bin]civetweb.exe;1 in process
% 421 (named "CIVETWEB"), under username "SYSTEM". AST delivery is enabled for
% all modes; ASTs are active in user. Upcalls are disabled. Multiple kernel
% threads are disabled.
% The current thread sequence number is 3, at 0x261b280
% Current thread traceback:
% 0: PC 0x7a785b6, SP 0x2617510, ICTX 0x2617510
$sh sys
OpenVMS V9.2 on node EAGLE 3-OCT-2022 13:56:36.97 Uptime 0 02:09:28
------------------------------------ ----------- ---------
PRODUCT KIT TYPE STATE
------------------------------------ ----------- ---------
VMSPORTS X86VMS PERL534 T5.34-0 Full LP Installed
VSI X86VMS AVAIL_MAN_BASE V9.2 Full LP Installed
VSI X86VMS CIVETWEB V1.14-0D Full LP Installed
VSI X86VMS DECNET_PLUS V9.2-B Full LP Installed
VSI X86VMS DWMOTIF V1.8 Full LP Installed
VSI X86VMS DWMOTIF_SUPPORT V9.2 Full LP Installed
VSI X86VMS KERBEROS V3.3-2 Full LP Installed
VSI X86VMS LUA V5.3-5D Full LP Installed
VSI X86VMS OPENSSH V8.9-1B Full LP Installed
VSI X86VMS OPENVMS V9.2 Platform Installed
VSI X86VMS SSL111 V1.1-1N Full LP Installed
VSI X86VMS TCPIP X6.0-16 Full LP Installed
VSI X86VMS VMS V9.2 Oper System Installed
VSI X86VMS WEBUI V4.1-1 Full LP Installed
------------------------------------ ----------- ---------
14 items found
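As an added example (not part of the original post, and not VSI or CivetWeb code), the sketch below parses entries in the format of the `civetweb_errors.log` excerpt above and separates handshake rejections (`version too low`, `unsupported protocol`, `no shared cipher`) from other errors such as `SSL syscall error 0`. The function names and the burst thresholds are assumptions chosen for illustration; the sample lines are copied from the post.

```python
import re
from collections import Counter

# Six lines copied from the civetweb_errors.log excerpt quoted in the post.
SAMPLE_LOG = """\
[1664817414] [error] [client 192.168.1.34] sslize error: error:1420918C:SSL routines:tls_early_post_process_client_hello:version too low
[1664817414] [error] [client 192.168.1.34] sslize error: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol
[1664817415] [error] [client 192.168.1.34] sslize error: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol
[1664817415] [error] [client 192.168.1.34] sslize error: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher
[1664817416] [error] [client 192.168.1.34] sslize error: error:1420918C:SSL routines:tls_early_post_process_client_hello:version too low
[1664817416] [error] [client 192.168.1.34] SSL syscall error 0
"""

LINE_RE = re.compile(r"^\[(\d+)\] \[(\w+)\] \[client ([^\]]+)\] (.*)$")
# OpenSSL error string layout: error:<hex code>:<library>:<function>:<reason>
SSL_RE = re.compile(r"^sslize error: error:([0-9A-Fa-f]+):([^:]*):([^:]*):(.*)$")
# Reasons meaning the server refused what the client offered (policy rejection).
NEGOTIATION_REJECTS = {"version too low", "unsupported protocol", "no shared cipher"}

def summarize(text):
    """Group entries per client: rejection reasons, other errors, first/last timestamp."""
    clients = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip blank or unrecognised lines rather than guessing
        ts, client, msg = int(m.group(1)), m.group(3), m.group(4)
        entry = clients.setdefault(
            client, {"rejects": Counter(), "other": [], "first": ts, "last": ts})
        entry["first"], entry["last"] = min(entry["first"], ts), max(entry["last"], ts)
        ssl = SSL_RE.match(msg)
        if ssl and ssl.group(4) in NEGOTIATION_REJECTS:
            entry["rejects"][ssl.group(4)] += 1
        else:
            entry["other"].append(msg)  # e.g. "SSL syscall error 0": needs a closer look
    return clients

def looks_like_enumeration(entry, min_rejects=5, max_span_s=10):
    """Heuristic with assumed thresholds: many mixed rejections from one client in a short window."""
    total = sum(entry["rejects"].values())
    return (total >= min_rejects and len(entry["rejects"]) >= 2
            and entry["last"] - entry["first"] <= max_span_s)

if __name__ == "__main__":
    for client, entry in summarize(SAMPLE_LOG).items():
        print(client, dict(entry["rejects"]), "other:", entry["other"],
              "enumeration-like:", looks_like_enumeration(entry))
```

Entries left in `other` are the ones to correlate by timestamp with the server's process log, since the rejection reasons alone only record handshakes the server declined.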