Hamayama/information.txt

## information.txt
＜Scheme:初心者の質問箱＞

https://practical-scheme.net/wiliki/wiliki.cgi?Scheme%3A%E5%88%9D%E5%BF%83%E8%80%85%E3%81%AE%E8%B3%AA%E5%95%8F%E7%AE%B1
(rfc.http) http-get での error について(Gauche-0.9.12)

(use rfc.http)
(http-get "artscape.jp" "/exhibition/traveling/index.html" :secure #t)

*** ERROR: TLS handshake failed: SSL - A field in a message was incorrect or inconsistent with other fields (-26112)

(2022-9-15)

## tls-mbed.c.diff
--- tls-mbed_orig2.c	2022-09-15 11:54:24.556467800 +0900
+++ tls-mbed.c	2022-09-17 20:10:44.437598600 +0900
@@ -43,6 +43,53 @@
 #include <mbedtls/entropy.h>
 #include <mbedtls/net_sockets.h>

+
+/* Additional setting */
+#define DEBUG_LOG_ON
+#define ALLOW_MD_SHA1
+
+
+#if defined(DEBUG_LOG_ON)
+#include "mbedtls/debug.h"
+
+/* Debug log setting */
+#define DEBUG_LEVEL 1
+#define DEBUG_LOG_FILE "c:/work/log_mbedtls.txt"
+
+/* Debug log function */
+static void my_debug( void *ctx, int level,
+                      const char *file, int line,
+                      const char *str )
+{
+    ((void) level);
+    ((void) ctx);
+
+    /* mbedtls_fprintf( (FILE *) ctx, "%s:%04d: %s", file, line, str ); */
+    /* fflush(  (FILE *) ctx  ); */
+
+    FILE *log_file = fopen(DEBUG_LOG_FILE, "a");
+    if (log_file == NULL) return;
+    fprintf(log_file, "%s:%04d: %s", file, line, str);
+    fclose(log_file);
+}
+#endif /* DEBUG_LOG_ON */
+
+
+#if defined(ALLOW_MD_SHA1)
+/* Supported message digests */
+static const int ssl_sig_hashes_for_test[] = {
+    MBEDTLS_MD_RIPEMD160,
+    MBEDTLS_MD_SHA512,
+    MBEDTLS_MD_SHA384,
+    MBEDTLS_MD_SHA256,
+    MBEDTLS_MD_SHA224,
+    /* Allow SHA-1 even though it is deprecated. */
+    MBEDTLS_MD_SHA1,
+    MBEDTLS_MD_NONE
+};
+#endif /* ALLOW_MD_SHA1 */
+
+
 /* NB: In only MbedTLS 3.0, the member 'fd' in mbedtls_net_context structure
        is private and this macro is required to access it. */
 #if (MBEDTLS_VERSION_MAJOR == 3) && (MBEDTLS_VERSION_MINOR == 0)
@@ -178,6 +225,20 @@
     mbedtls_ssl_conf_ca_chain(&t->conf, &t->ca, NULL);
     mbedtls_ssl_conf_authmode(&t->conf, MBEDTLS_SSL_VERIFY_REQUIRED);

+
+#if defined(DEBUG_LOG_ON)
+    /* Setup debug log */
+    mbedtls_debug_set_threshold( DEBUG_LEVEL );
+    mbedtls_ssl_conf_dbg( &t->conf, my_debug, stdout );
+#endif /* DEBUG_LOG_ON */
+
+
+#if defined(ALLOW_MD_SHA1)
+    /* Allow server signature using SHA-1 */
+    mbedtls_ssl_conf_sig_hashes( &t->conf, ssl_sig_hashes_for_test );
+#endif /* ALLOW_MD_SHA1 */
+
+
     if(mbedtls_ssl_setup(&t->ctx, &t->conf) != 0) {
         Scm_SysError("mbedtls_ssl_setup() failed");
     }
	＜Scheme:初心者の質問箱＞

	https://practical-scheme.net/wiliki/wiliki.cgi?Scheme%3A%E5%88%9D%E5%BF%83%E8%80%85%E3%81%AE%E8%B3%AA%E5%95%8F%E7%AE%B1
	(rfc.http) http-get での error について(Gauche-0.9.12)

	(use rfc.http)
	(http-get "artscape.jp" "/exhibition/traveling/index.html" :secure #t)

	*** ERROR: TLS handshake failed: SSL - A field in a message was incorrect or inconsistent with other fields (-26112)

	(2022-9-15)
	--- tls-mbed_orig2.c 2022-09-15 11:54:24.556467800 +0900
	+++ tls-mbed.c 2022-09-17 20:10:44.437598600 +0900
	@@ -43,6 +43,53 @@
	#include <mbedtls/entropy.h>
	#include <mbedtls/net_sockets.h>

	+
	+/* Additional setting */
	+#define DEBUG_LOG_ON
	+#define ALLOW_MD_SHA1
	+
	+
	+#if defined(DEBUG_LOG_ON)
	+#include "mbedtls/debug.h"
	+
	+/* Debug log setting */
	+#define DEBUG_LEVEL 1
	+#define DEBUG_LOG_FILE "c:/work/log_mbedtls.txt"
	+
	+/* Debug log function */
	+static void my_debug( void *ctx, int level,
	+ const char *file, int line,
	+ const char *str )
	+{
	+ ((void) level);
	+ ((void) ctx);
	+
	+ /* mbedtls_fprintf( (FILE ) ctx, "%s:%04d: %s", file, line, str ); /
	+ /* fflush( (FILE ) ctx ); /
	+
	+ FILE *log_file = fopen(DEBUG_LOG_FILE, "a");
	+ if (log_file == NULL) return;
	+ fprintf(log_file, "%s:%04d: %s", file, line, str);
	+ fclose(log_file);
	+}
	+#endif /* DEBUG_LOG_ON */
	+
	+
	+#if defined(ALLOW_MD_SHA1)
	+/* Supported message digests */
	+static const int ssl_sig_hashes_for_test[] = {
	+ MBEDTLS_MD_RIPEMD160,
	+ MBEDTLS_MD_SHA512,
	+ MBEDTLS_MD_SHA384,
	+ MBEDTLS_MD_SHA256,
	+ MBEDTLS_MD_SHA224,
	+ /* Allow SHA-1 even though it is deprecated. */
	+ MBEDTLS_MD_SHA1,
	+ MBEDTLS_MD_NONE
	+};
	+#endif /* ALLOW_MD_SHA1 */
	+
	+
	/* NB: In only MbedTLS 3.0, the member 'fd' in mbedtls_net_context structure
	is private and this macro is required to access it. */
	#if (MBEDTLS_VERSION_MAJOR == 3) && (MBEDTLS_VERSION_MINOR == 0)
	@@ -178,6 +225,20 @@
	mbedtls_ssl_conf_ca_chain(&t->conf, &t->ca, NULL);
	mbedtls_ssl_conf_authmode(&t->conf, MBEDTLS_SSL_VERIFY_REQUIRED);

	+
	+#if defined(DEBUG_LOG_ON)
	+ /* Setup debug log */
	+ mbedtls_debug_set_threshold( DEBUG_LEVEL );
	+ mbedtls_ssl_conf_dbg( &t->conf, my_debug, stdout );
	+#endif /* DEBUG_LOG_ON */
	+
	+
	+#if defined(ALLOW_MD_SHA1)
	+ /* Allow server signature using SHA-1 */
	+ mbedtls_ssl_conf_sig_hashes( &t->conf, ssl_sig_hashes_for_test );
	+#endif /* ALLOW_MD_SHA1 */
	+
	+
	if(mbedtls_ssl_setup(&t->ctx, &t->conf) != 0) {
	Scm_SysError("mbedtls_ssl_setup() failed");
	}