Skip to content

Instantly share code, notes, and snippets.

@Hamayama
Last active September 17, 2022 11:11
Show Gist options
  • Save Hamayama/323401fac11fdc33144c07acc8bc4b26 to your computer and use it in GitHub Desktop.
Save Hamayama/323401fac11fdc33144c07acc8bc4b26 to your computer and use it in GitHub Desktop.
Gauche の http-get で、mbedTLS のエラーが出る件の調査
<Scheme:初心者の質問箱>
https://practical-scheme.net/wiliki/wiliki.cgi?Scheme%3A%E5%88%9D%E5%BF%83%E8%80%85%E3%81%AE%E8%B3%AA%E5%95%8F%E7%AE%B1
(rfc.http) http-get での error について(Gauche-0.9.12)
(use rfc.http)
(http-get "artscape.jp" "/exhibition/traveling/index.html" :secure #t)
*** ERROR: TLS handshake failed: SSL - A field in a message was incorrect or inconsistent with other fields (-26112)
(2022-9-15)
--- tls-mbed_orig2.c 2022-09-15 11:54:24.556467800 +0900
+++ tls-mbed.c 2022-09-17 20:10:44.437598600 +0900
@@ -43,6 +43,53 @@
#include <mbedtls/entropy.h>
#include <mbedtls/net_sockets.h>
+
+/* Additional setting */
+#define DEBUG_LOG_ON
+#define ALLOW_MD_SHA1
+
+
+#if defined(DEBUG_LOG_ON)
+#include "mbedtls/debug.h"
+
+/* Debug log setting */
+#define DEBUG_LEVEL 1
+#define DEBUG_LOG_FILE "c:/work/log_mbedtls.txt"
+
+/* Debug log function */
+static void my_debug( void *ctx, int level,
+ const char *file, int line,
+ const char *str )
+{
+ ((void) level);
+ ((void) ctx);
+
+ /* mbedtls_fprintf( (FILE *) ctx, "%s:%04d: %s", file, line, str ); */
+ /* fflush( (FILE *) ctx ); */
+
+ FILE *log_file = fopen(DEBUG_LOG_FILE, "a");
+ if (log_file == NULL) return;
+ fprintf(log_file, "%s:%04d: %s", file, line, str);
+ fclose(log_file);
+}
+#endif /* DEBUG_LOG_ON */
+
+
+#if defined(ALLOW_MD_SHA1)
+/* Supported message digests */
+static const int ssl_sig_hashes_for_test[] = {
+ MBEDTLS_MD_RIPEMD160,
+ MBEDTLS_MD_SHA512,
+ MBEDTLS_MD_SHA384,
+ MBEDTLS_MD_SHA256,
+ MBEDTLS_MD_SHA224,
+ /* Allow SHA-1 even though it is deprecated. */
+ MBEDTLS_MD_SHA1,
+ MBEDTLS_MD_NONE
+};
+#endif /* ALLOW_MD_SHA1 */
+
+
/* NB: In only MbedTLS 3.0, the member 'fd' in mbedtls_net_context structure
is private and this macro is required to access it. */
#if (MBEDTLS_VERSION_MAJOR == 3) && (MBEDTLS_VERSION_MINOR == 0)
@@ -178,6 +225,20 @@
mbedtls_ssl_conf_ca_chain(&t->conf, &t->ca, NULL);
mbedtls_ssl_conf_authmode(&t->conf, MBEDTLS_SSL_VERIFY_REQUIRED);
+
+#if defined(DEBUG_LOG_ON)
+ /* Setup debug log */
+ mbedtls_debug_set_threshold( DEBUG_LEVEL );
+ mbedtls_ssl_conf_dbg( &t->conf, my_debug, stdout );
+#endif /* DEBUG_LOG_ON */
+
+
+#if defined(ALLOW_MD_SHA1)
+ /* Allow server signature using SHA-1 */
+ mbedtls_ssl_conf_sig_hashes( &t->conf, ssl_sig_hashes_for_test );
+#endif /* ALLOW_MD_SHA1 */
+
+
if(mbedtls_ssl_setup(&t->ctx, &t->conf) != 0) {
Scm_SysError("mbedtls_ssl_setup() failed");
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment