awc_https example is not working in windows 10 with gnu toolchain #330

Open
Zhappa opened this issue Jun 10, 2020 · 5 comments
Labels
bug Something isn't working

Comments

Zhappa commented Jun 10, 2020

Sorry, I didn't get what you mean. Do I need to configure something to make it work?

@Pzixel I was able to configure https requests by following awc_https example.

// src/main.rs

use actix_web::client::{Client, Connector};
use openssl::ssl::{SslConnector, SslMethod};

#[actix_rt::main]
async fn main() {
    let builder = SslConnector::builder(SslMethod::tls()).unwrap();

    let client = Client::build()
        .connector(Connector::new().ssl(builder.build()).finish())
        .finish();

    // Create request builder and send request
    let response = client
        .get("https://www.rust-lang.org") // <--- notice the "s" in "https://..."
        .header("User-Agent", "Actix-web")
        .send()
        .await; // <- Send http request

    println!("Response: {:?}", response);
}

Which returns

ClientResponse HTTP/1.1 200 OK
  headers:
    "strict-transport-security": "max-age=63072000"
    "x-amz-cf-id": "nQUn97FTnU4iEG8giZxGeePvVyqrzp8jYsPspK2OvhrtFEMLIrdYiw=="
    "x-cache": "Miss from cloudfront"
    "x-xss-protection": "1; mode=block"
    "x-content-type-options": "nosniff"
    "via": "1.1 vegur, 1.1 650962b00c259fe47c193b15b2fe4b88.cloudfront.net (CloudFront)"
    "x-amz-cf-pop": "VIE50-C1"
    "content-security-policy": "default-src 'self'; frame-ancestors 'self'; img-src 'self' avatars.githubusercontent.com; frame-src 'self' player.vimeo.com"
    "content-length": "19220"
    "referrer-policy": "no-referrer, strict-origin-when-cross-origin"
    "vary": "Accept-Encoding"
    "server": "Rocket"
    "content-type": "text/html; charset=utf-8"
    "date": "Tue, 02 Jun 2020 10:51:59 GMT"
    "connection": "keep-alive"
)

This is strange, but the example never works on my machine; I always get something like:

Response on post: Err(
    Connect(
        Io(
            Custom {
                kind: Other,
                error: "the handshake failed: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:ssl\\statem\\statem_clnt.c:1915:: unable to get local issuer certificate",
            },
        ),
    ),
)

The only way to make it work is to disable verification completely (which is not a case to work with)

async fn index(_req: HttpRequest) -> HttpResponse {
    let mut builder = SslConnector::builder(SslMethod::tls()).unwrap();
    builder.set_verify(SslVerifyMode::NONE);

    let client = Client::build()
        .connector(Connector::new().ssl(builder.build()).finish())
        .finish();

    let now = std::time::Instant::now();
    let payload =
        client
        .get("https://upload.wikimedia.org/wikipedia/commons/f/ff/Pizigani_1367_Chart_10MB.jpg")
        .send()
        .await
        .unwrap()
        .body()
        .limit(20_000_000)  // sets max allowable payload size
        .await
        .unwrap();

Can anybody verify this example works out of the box on his machine?

let builder = SslConnector::builder(SslMethod::tls()).unwrap();
let client = Client::build()
    .connector(Connector::new().ssl(builder.build()).finish())
    .finish();

Also my "rustup show":

stable-x86_64-pc-windows-gnu (default)
rustc 1.43.1 (8d69840ab 2020-05-04)

I am using Windows 10 x64.

Originally posted by @Zhappa in actix/actix-web#1045 (comment)

Zhappa commented Jun 10, 2020

Hi, @robjtede!
actix/actix-web#1045 (comment) confirms this happens not only on my machine.

Can you please take a look?
Thank you!

Zhappa commented Jun 10, 2020

Also, if this issue is caused by missing OpenSSL binaries on Windows (which, I believe, should be downloaded separately, from http://gnuwin32.sourceforge.net/packages/openssl.htm for instance), then this example is not really a cross-platform one.
Maybe an additional example using https://github.com/ctz/rustls and https://github.com/ctz/rustls-native-certs would help.
Thanks!

Pzixel commented Jun 10, 2020

Related to: actix/actix-web#1560

@robjtede
Member

I’m not able to test on Windows. Sorry.

dev10 commented Oct 14, 2020

Hi,
I had the same error on macOS Catalina using certificates installed with mkcert:

stable-x86_64-apple-darwin (default)
rustc 1.47.0 (18bf6b4f0 2020-10-07)

actix-web = { version = "~3.1", features = ["openssl"] }
actix-cors = "~0.4"
openssl = { version = "~0.10" }

curl and Firefox can connect successfully to the SSL-enabled Actix server.
However, openssl fails with a similar error when doing the following:
openssl s_client -connect 127.0.0.1:8888
Errors:
verify error:num=20:unable to get local issuer certificate
Verify return code: 21 (unable to verify the first certificate)

I fixed openssl by using this command:
openssl s_client -connect 127.0.0.1:8888 -CAfile ~/Library/Application\ Support/mkcert/rootCA.pem
Response:
Verify return code: 0 (ok)

So it looks like even though some other programs work, openssl itself doesn't see the file automatically.

I had to fix the code like this:

let mut builder = SslConnector::builder(SslMethod::tls()).unwrap();
builder
    .set_ca_file("rootCA.pem")
    .unwrap();

@robjtede added the bug label on Mar 6, 2022
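
As an added example (not code from this thread or from actix): a std-only preflight that locates a PEM CA bundle before it is handed to `set_ca_file`, so a missing trust store is reported explicitly instead of surfacing as `unable to get local issuer certificate` or being worked around with `SslVerifyMode::NONE`. `resolve_ca_file`, `count_pem_certs` and the `cacert.pem` candidate are hypothetical names chosen here; `SSL_CERT_FILE` is the environment variable OpenSSL consults for its default CA file.

```rust
use std::{env, fs, path::PathBuf};

/// Why no usable trust-anchor file was found.
#[derive(Debug, PartialEq)]
pub enum CaError {
    NotFound,                // none of the paths could be read
    NoCertificates(PathBuf), // a file was readable but held no PEM certificate
}

/// Count complete PEM certificate blocks (BEGIN line followed by END line).
pub fn count_pem_certs(text: &str) -> usize {
    let (mut open, mut n) = (false, 0);
    for line in text.lines().map(str::trim) {
        match line {
            "-----BEGIN CERTIFICATE-----" => open = true,
            "-----END CERTIFICATE-----" if open => { n += 1; open = false; }
            _ => {}
        }
    }
    n
}

/// Return the first readable path holding at least one certificate, with its count.
/// `env_override` models SSL_CERT_FILE and is tried before `candidates`.
pub fn resolve_ca_file(
    env_override: Option<&str>,
    candidates: &[&str],
) -> Result<(PathBuf, usize), CaError> {
    let mut empty: Option<PathBuf> = None;
    for p in env_override.iter().copied().chain(candidates.iter().copied()) {
        if let Ok(text) = fs::read_to_string(p) {
            match count_pem_certs(&text) {
                0 => { empty.get_or_insert(PathBuf::from(p)); }
                n => return Ok((PathBuf::from(p), n)),
            }
        }
    }
    Err(empty.map_or(CaError::NotFound, CaError::NoCertificates))
}

fn main() {
    let over = env::var("SSL_CERT_FILE").ok();
    // Candidate names are assumptions for illustration, not paths from the issue.
    match resolve_ca_file(over.as_deref(), &["rootCA.pem", "cacert.pem"]) {
        Ok((p, n)) => println!("{} certificate(s): pass {} to set_ca_file", n, p.display()),
        Err(e) => eprintln!("no trust anchors found ({:?}); verification would fail", e),
    }
}
```

The returned path is what would be given to `builder.set_ca_file(...)` as in the comment above; a `NotFound` result on a `windows-gnu` build points at a missing CA bundle rather than at a problem with the server's certificate.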